
Fedora alert FEDORA-2010-2743 (cups)

From:  updates@fedoraproject.org
To:  package-announce@lists.fedoraproject.org
Subject:  [SECURITY] Fedora 11 Update: cups-1.4.2-26.fc11
Date:  Sat, 13 Mar 2010 02:30:06 +0000
Message-ID:  <20100313023006.B5227110183@bastion02.phx2.fedoraproject.org>
Archive-link:  Article, Thread

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-2743
2010-02-24 04:56:45
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 11
Version     : 1.4.2
Release     : 26.fc11
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

This update addresses a denial of service security issue (CVE-2010-0302) as
well as fixing several other small problems:

* classes.conf is now updated when a class member is deleted.
* the usermode dependency has been removed.
* the udev rules are now installed in the correct location.
* cups-config now has no multilib conflict.
* the ipp backend now clears the printer status on completion.
* cupsGetNamedDest() is no longer confused by old configuration files.
* the scheduler no longer treats SIGPIPE as a filter error.
* the gcrypt threading patch has been reverted.
* the package no longer owns filesystem-owned directories.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 5 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-26
- Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553, bug #557775).

* Tue Mar 2 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-25
- Don't own filesystem locale directories (bug #569403).
- Don't apply gcrypt threading patch (bug #553834).
- Don't treat SIGPIPE as an error (bug #569770).

* Wed Feb 24 2010 Jiri Popelka <jpopelka@redhat.com> 1:1.4.2-24
- Fixed cupsGetNamedDest() so it falls back to the real default printer when a default from configuration file does not exist (bug #565569, STR #3503).

* Tue Feb 23 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-23
- Update classes.conf when a class member printer is deleted (bug #565878, STR #3505).

* Tue Feb 23 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-22
- Re-initialize the resolver if getnameinfo() returns EAI_AGAIN (bug #567353).

* Fri Jan 15 2010 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-21
- Reset status after successful ipp job (bug #548219, STR #3460).

* Wed Dec 23 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-20
- Fixed patch for STR #3425 again by adding in back-ported change from svn revision 8929 (bug #549899). No longer need delete-active-printer patch.

* Tue Dec 22 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-19
- Fixed ipp authentication for servers requiring authentication for IPP-Get-Printer-Attributes (bug #548873, STR #3458).

* Mon Dec 21 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-18
- Ensure proper thread-safety in gnutls's use of libgcrypt (bug #544619).

* Sat Dec 19 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-17
- Fixed patch for STR #3425 by adding in back-ported change from svn revision 8936 (bug #548904).

* Thu Dec 10 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-16
- Fixed invalid read in cupsAddDest (bug #537460).

* Wed Dec 9 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-15
- Use upstream patch to fix scheduler crash when an active printer was deleted (rev 8914).

* Tue Dec 8 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-14
- The scheduler did not use the Get-Job-Attributes policy for a printer (STR #3431).
- The scheduler added two job-name attributes to each job object (STR #3428).
- The scheduler did not clean out completed jobs when PreserveJobHistory was turned off (STR #3425).
- The web interface did not show completed jobs (STR #3436).
- Authenticated printing did not always work when printing directly to a remote server (STR #3435).
- Use upstream patch to stop the network backends incorrectly clearing the media-empty-warning state (rev 8896).
- Use upstream patch to fix interrupt handling in the side-channel APIs (rev 8896).
- Use upstream patch to handle negative SNMP string lengths (rev 8896).
- Use upstream fix for SNMP detection (bug #542857, STR #3413).
- Use the text filter for text/css files (bug #545026, STR #3442).
- Show conflicting option values in web UI (bug #544326, STR #3440).
- Use upstream fix for adjustment of conflicting options (bug #533426, STR #3439).

* Tue Dec 8 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-13
- Moved %{_datadir}/cups/ppdc/*.h to the main package (bug #545348).

* Fri Dec 4 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-12
- The web interface prevented conflicting options from being adjusted (bug #533426, STR #3439).

* Thu Dec 3 2009 Tim Waugh <twaugh@redhat.com> - 1:1.4.2-11
- Fixes for SNMP scanning with Lexmark printers (bug #542857, STR #3413).

* Mon Nov 23 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-10
- Undo last change as it was incorrect.

* Mon Nov 23 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-9
- Fixed small typos introduced in fix for bug #536741.

* Fri Nov 20 2009 Jiri Popelka <jpopelka@redhat.com> 1:1.4.2-8
- Do not translate russian links showing completed jobs (bug #539354, STR #3422).

* Thu Nov 19 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-7
- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).

* Tue Nov 17 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-6
- Fixed display of current driver (bug #537182, STR #3418).
- Fixed out-of-memory handling when loading jobs (bug #538054, STR #3407).

* Mon Nov 16 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-5
- Fixed typo in admin web template (bug #537884, STR #3403).
- Reset SIGPIPE handler for child processes (bug #537886, STR #3399).

* Mon Nov 16 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-4
- Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381).

* Wed Nov 11 2009 Jiri Popelka <jpopelka@redhat.com> 1:1.4.2-3
- Fixed lspp-patch to avoid memory leak (bug #536741).

* Tue Nov 10 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-2
- Added explicit version dependency on cups-libs to cups-lpd (bug #502205).

* Tue Nov 10 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.2-1
- 1.4.2. No longer need str3380, str3332, str3356, str3396 patches.
- Removed postscript.ppd.gz (bug #533371).

* Tue Nov 3 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.1-8
- Removed stale patch from STR #2831 which was causing problems with number-up (bug #532516).

* Tue Oct 27 2009 Jiri Popelka <jpopelka@redhat.com> 1:1.4.1-7
- Fix incorrectly applied patch from #STR3285 (bug #531108).
- Set the PRINTER_IS_SHARED variable for admin.cgi (bug #529634, #STR3390).
- Pass through serial parameters correctly in web interface (bug #529635, #STR3391).
- Fixed German translation (bug #531144, #STR3396).

* Tue Oct 20 2009 Jiri Popelka <jpopelka@redhat.com> 1:1.4.1-6
- Fix cups-lpd to create unique temporary data files (bug #529838).

* Mon Oct 19 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.1-5
- Fixed German translation (bug #529575, STR #3380).

* Thu Oct 8 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.1-4
- Fixed naming of 'Generic PostScript Printer' entry.

* Wed Oct 7 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.1-3
- Use upstream patch for STR #3356 (bug #526405).

* Fri Oct 2 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.1-2
- Fixed orientation of page labels when printing text in landscape mode (bug #520141, STR #3334).

* Wed Sep 30 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.1-1
- 1.4.1.
- Don't use cached PPD for raw queue (bug #526405, STR #3356).

* Fri Sep 4 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.0-2
- Fixed the dnssd backend so that it only reports devices once avahi resolution has completed. This makes it report Device IDs (bug #520858).

* Fri Aug 28 2009 Tim Waugh <twaugh@redhat.com> 1:1.4.0-1
- 1.4.0.

* Wed Aug 26 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.20
- Fixed admin.cgi crash when modifying a class (bug #519724, STR #3312, patch from Jiri Popelka).

* Wed Aug 26 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.19
- Prevent infinite loop in cupsDoIORequest when processing HTTP errors (bug #518065, bug #519663, STR #3311).
- Fixed document-format-supported attribute when application/octet-stream is enabled (bug #516507, STR #3308, patch from Jiri Popelka).
- Fixed buggy JobKillDelay handling fix (STR #3292).
- Prevent infinite loop in ppdc (STR #3293).

* Fri Aug 21 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.17
- Removed 3-distribution symlink (bug #514244).

* Tue Aug 18 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.16
- Fixed JobKillDelay handling for cancelled jobs (bug #518026, STR #3292).
- Use 'exec' to invoke ghostscript in the pstoraster filter. This allows the SIGTERM signal to reach the correct process, as well as conserving memory (part of bug #518026).

* Tue Aug 11 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.15
- Avoid empty BrowseLocalProtocols setting (bug #516460, STR #3287).
- Fixed ppds.dat handling of drv files (bug #515027, STR #3279).
- Fixed udev rules file to avoid DEVTYPE warning messages.
- Fixed cupsGetNamedDest() so it does not fall back to the default printer when a destination has been named (bug #516439, STR #3285).
- Fixed MIME type rules for image/jpeg and image/x-bitmap (bug #516438, STR #3284).
- Clear out cache files on upgrade.
- Require acl.

* Thu Aug 6 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.14
- Ship udev rules to allow libusb to access printer devices.
- Fixed duplex test pages (bug #514898, STR #3277).
- Removed temporary snmp option from socket backend.

* Wed Jul 29 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.12
- Fixed Avahi support in the dnssd backend (bug #513888).
- Fixed incorrect arguments to sigaction() in dnssd backend (STR #3272).
- Cheaply restore compatibility with 1.1.x by having cups_get_sdests() perform a CUPS_GET_CLASSES request if it is not sure it is talking to CUPS 1.2 or later (bug #512866).

* Tue Jul 28 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.11
- Temporarily added snmp option to socket backend for debugging purposes.
- Prevent ipp backend looping with bad IPP devices (bug #476424, STR #3262).
- Fixed Device ID reporting in the usb backend (STR #3266).

* Wed Jul 15 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.10
- Applied patch to prevent bad job control files crashing cupsd on start-up (STR #3253, bug #509741).
- Correctly handle CUPS-Get-PPDs requests for models with '+' in their names (STR #3254, bug #509586).
- Accept incorrect device URIs in the (non-libusb) usb backend for compatibility with Fedora 11 before bug #507244 was fixed.
- Applied patch to fix incorrect device URIs (STR #3259, bug #507244).
- Applied patch to fix job-hold-until for remote queues (STR #3258, bug #497376).

* Mon Jul 13 2009 Remi Collet <Fedora@FamilleCollet.com> 1:1.4-0.rc1.9
- add PHP ABI check
- use php_extdir
- add php configuration file (/etc/php.d/cups.ini)

* Fri Jul 10 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.8
- Build does not require aspell-devel (bug #510405).

* Wed Jul 1 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.7
- Fixed template problem preventing current printer option defaults from being shown in the web interface (bug #506794, STR #3244).

* Wed Jul 1 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.6
- Fixed lpadmin for remote 1.3.x servers (bug #506977, STR #3231).

* Tue Jun 23 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.5
- Added more debugging output when constructing filter chain.

* Thu Jun 18 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.4
- More complete fix for STR #3229 (bug #506461).

* Wed Jun 17 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.3
- Don't use RPM_SOURCE_DIR macro.
- Fixed add/modify-printer templates which had extra double-quote characters, preventing the Continue button from appearing in certain browsers (bug #506461, STR #3229).

* Wed Jun 17 2009 Tim Waugh <twaugh@redhat.com> 1:1.4-0.rc1.1
- 1.4rc1. No longer need str3124, CVE-2009-0163, CVE-2009-0164, str3197, missing-devices patches.
- Disabled avahi patch for the time being. More work is needed to port this to rc1.
- Removed wbuffer patch as it is not needed (see STR #1968).

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #557775 - CVE-2010-0302 cups Incomplete fix for CVE-2009-3553
      https://bugzilla.redhat.com/show_bug.cgi?id=557775

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...

