
Fedora alert FEDORA-2008-8801 (cups)

From:  updates@fedoraproject.org
To:  fedora-package-announce@redhat.com
Subject:  [SECURITY] Fedora 8 Update: cups-1.3.9-1.fc8
Date:  Thu, 16 Oct 2008 02:03:57 +0000
Message-ID:  <20081016020357.1CF1C208969@bastion.fedora.phx.redhat.com>

--------------------------------------------------------------------------------

Fedora Update Notification
FEDORA-2008-8801
2008-10-16 00:41:11

--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 8
Version     : 1.3.9
Release     : 1.fc8
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------

Update Information:

Security release. This updates to 1.3.9 and fixes three integer overflows in
the CUPS text and image filters.

--------------------------------------------------------------------------------

ChangeLog:

* Fri Oct 10 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.9-1
- 1.3.9, including fixes for CVE-2008-3639 / STR #2918, CVE-2008-3640 / STR #2919 and CVE-2008-3641 / STR #2911 (bug #466419).
- No longer need str2750, CVE-2008-1722 or CVE-2008-1373 patches.

* Tue Jul 1 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.7-4
- Fixed bug #447200 again.

* Tue Jun 17 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.7-3
- Backported cupsGetNamedDest from 1.4 (bug #428086).
- Fixed bug #447200 again.

* Tue Jun 3 2008 Tim Waugh <twaugh@redhat.com>
- Applied patch to fix STR #2750 (IPP authentication).

* Fri May 30 2008 Tim Waugh <twaugh@redhat.com>
- For LSPP, pass the job's scon to copy_banner in cupsdTimeoutJob, and check that it is not NULL in copy_banner (bug #447200).

* Fri May 9 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.7-2
- Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790).

* Fri May 2 2008 Tim Waugh <twaugh@redhat.com>
- Include the hostname in the charset error (part of bug #441719).

* Thu Apr 10 2008 Tim Waugh <twaugh@redhat.com>
- Log an error when a client requests a charset other than ASCII or UTF-8.

* Thu Apr 3 2008 Tim Waugh <twaugh@redhat.com>
- Main package requires exactly-matching libs package.

* Wed Apr 2 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.7-1
- 1.3.7. No longer need str2715, str2727, or CVE-2008-0047 patches.

* Tue Apr 1 2008 Tim Waugh <twaugh@redhat.com> 1:1.3.6-4
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
- Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729).

* Thu Feb 28 2008 Tim Waugh <twaugh@redhat.com> 1.3.6-3
- Apply upstream fix for Adobe JPEG files (bug #166460, STR #2727).

* Sat Feb 23 2008 Tim Waugh <twaugh@redhat.com> 1.3.6-2
- Fix encoding of job-sheets option (bug #433753, STR #2715).

* Wed Feb 20 2008 Tim Waugh <twaugh@redhat.com> 1.3.6-1
- 1.3.6. No longer need str2650, str2664, or str2703 patches.

* Tue Feb 12 2008 Tim Waugh <twaugh@redhat.com> 1.3.5-3
- Fixed admin.cgi handling of DefaultAuthType (bug #432478, STR #2703).

* Mon Jan 21 2008 Tim Waugh <twaugh@redhat.com> 1.3.5-2
- Rebuilt.

* Thu Jan 10 2008 Tim Waugh <twaugh@redhat.com>
- Apply patch to fix busy looping in the backends (bug #426653, STR #2664).

* Wed Jan 9 2008 Tim Waugh <twaugh@redhat.com>
- Apply patch to prevent overlong PPD lines from causing failures except in strict mode (bug #405061). Needed for compatibility with older versions of foomatic (e.g. Red Hat Enterprise Linux 3/4).
- Applied upstream patch to fix cupsctl --remote-any (bug #421411, STR #2650).

* Thu Jan 3 2008 Tim Waugh <twaugh@redhat.com> 1.3.5-1
- 1.3.5. No longer need str2600, CVE-2007-4352,5392,5393 patches.
- Efficiency fix for pstoraster (bug #416871).

* Fri Nov 30 2007 Tim Waugh <twaugh@redhat.com>
- CVE-2007-4045 patch is not necessary because cupsd_client_t objects are not moved in array operations, only pointers to them.

* Tue Nov 27 2007 Tim Waugh <twaugh@redhat.com>
- Updated to improved dnssd backend from Till Kamppeter.
- Don't undo the util.c parts of STR #2537.

* Tue Nov 20 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-4
- Added fix for STR #2600 in which cupsd can crash from a NULL dereference with LogLevel debug2 (bug #385631).

* Mon Nov 12 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-3
- Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls.
- Temporarily undo STR #2537 change so that non-UTF-8 requests are not rejected (bug #378211).
- LSPP cupsdSetString/ClearString fixes (bug #378451).

* Wed Nov 7 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-2
- Applied patch to fix CVE-2007-4045 (bug #250161).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101).

* Thu Nov 1 2007 Tim Waugh <twaugh@redhat.com> 1:1.3.4-1
- 1.3.4 (bug #362971).

--------------------------------------------------------------------------------

References:

  [ 1 ] Bug #464710 - CVE-2008-3639 CUPS: SGI image parser heap-based buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=464710
  [ 2 ] Bug #464716 - CVE-2008-3641 CUPS: HP/GL reader insufficient bounds checking
        https://bugzilla.redhat.com/show_bug.cgi?id=464716
  [ 3 ] Bug #464713 - CVE-2008-3640 CUPS: texttops integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=464713

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys

--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-ann...

