LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2008-3586 (cups)



From:
    	      updates@fedoraproject.org


To:
    	      fedora-package-announce@redhat.com


Subject:
    	      [SECURITY] Fedora 8 Update: cups-1.3.7-2.fc8


Date:
    	      Sat, 10 May 2008 13:54:12 +0000


Message-ID:
    	      <200805101412.m4AEBcsZ021692@bastion.fedora.phx.redhat.com>


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-3586
2008-05-09 22:38:06
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 8
Version     : 1.3.7
Release     : 2.fc8
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX? operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
ChangeLog:

* Fri May  9 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.7-2
- Applied patch to fix CVE-2008-1722 (integer overflow in image filter,
  bug #441692, STR #2790).
* Fri May  2 2008 Tim Waugh <twaugh@redhat.com>
- Include the hostname in the charset error (part of bug #441719).
* Thu Apr 10 2008 Tim Waugh <twaugh@redhat.com>
- Log an error when a client requests a charset other than ASCII or UTF-8.
* Thu Apr  3 2008 Tim Waugh <twaugh@redhat.com>
- Main package requires exactly-matching libs package.
* Wed Apr  2 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.7-1
- 1.3.7.  No longer need str2715, str2727, or CVE-2008-0047 patches.
* Tue Apr  1 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.6-4
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
- Applied patch to prevent heap-based buffer overflow in CUPS helper
  program (bug #436153, CVE-2008-0047, STR #2729).
* Thu Feb 28 2008 Tim Waugh <twaugh@redhat.com> 1.3.6-3
- Apply upstream fix for Adobe JPEG files (bug #166460, STR #2727).
* Sat Feb 23 2008 Tim Waugh <twaugh@redhat.com> 1.3.6-2
- Fix encoding of job-sheets option (bug #433753, STR #2715).
* Wed Feb 20 2008 Tim Waugh <twaugh@redhat.com> 1.3.6-1
- 1.3.6.  No longer need str2650, str2664, or str2703 patches.
* Tue Feb 12 2008 Tim Waugh <twaugh@redhat.com> 1.3.5-3
- Fixed admin.cgi handling of DefaultAuthType (bug #432478, STR #2703).
* Mon Jan 21 2008 Tim Waugh <twaugh@redhat.com> 1.3.5-2
- Rebuilt.
* Thu Jan 10 2008 Tim Waugh <twaugh@redhat.com>
- Apply patch to fix busy looping in the backends (bug #426653, STR #2664).
* Wed Jan  9 2008 Tim Waugh <twaugh@redhat.com>
- Apply patch to prevent overlong PPD lines from causing failures except
  in strict mode (bug #405061).  Needed for compatibility with older
  versions of foomatic (e.g. Red Hat Enterprise Linux 3/4).
- Applied upstream patch to fix cupsctl --remote-any (bug #421411, STR #2650).
* Thu Jan  3 2008 Tim Waugh <twaugh@redhat.com> 1.3.5-1
- 1.3.5.  No longer need str2600, CVE-2007-4352,5392,5393 patches.
- Efficiency fix for pstoraster (bug #416871).
* Fri Nov 30 2007 Tim Waugh <twaugh@redhat.com>
- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are
  not moved in array operations, only pointers to them.
* Tue Nov 27 2007 Tim Waugh <twaugh@redhat.com>
- Updated to improved dnssd backend from Till Kamppeter.
- Don't undo the util.c parts of STR #2537.
* Tue Nov 20 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-4
- Added fix for STR #2600 in which cupsd can crash from a NULL dereference
  with LogLevel debug2 (bug #385631).
* Mon Nov 12 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-3
- Fixed CVE-2007-4045 patch; has no effect with shipped packages since they
  are linked with gnutls.
- Temporarily undo STR #2537 change so that non-UTF-8 requests are not
  rejected (bug #378211).
- LSPP cupsdSetString/ClearString fixes (bug #378451).
* Wed Nov  7 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-2
- Applied patch to fix CVE-2007-4045 (bug #250161).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
  CVE-2007-5393 (bug #345101).
* Thu Nov  1 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-1
- 1.3.4 (bug #362971).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #441692 - CVE-2008-1722 cups: integer overflow in the image filter
        https://bugzilla.redhat.com/show_bug.cgi?id=441692
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds