Fedora alert FEDORA-2008-1976 (cups)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 7 Update: cups-1.2.12-9.fc7 | |
| Date: | Mon, 25 Feb 2008 17:26:17 -0700 | |
| Message-ID: | <200802260026.m1Q0PnZa026144@bastion.fedora.phx.redhat.com> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-1976 2008-02-25 22:15:12 -------------------------------------------------------------------------------- Name : cups Product : Fedora 7 Version : 1.2.12 Release : 9.fc7 URL : http://www.cups.org/ Summary : Common Unix Printing System Description : The Common UNIX Printing System provides a portable printing layer for UNIX? operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. -------------------------------------------------------------------------------- Update Information: This update contains a back-ported fix for a security issue that may cause cups daemon to crash via special browse requests (CVE-2008-0882, #433758, SA28994, STR#2656). -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 22 2008 Tim Waugh <twaugh@redhat.com> 1:1.2.12-9 - Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656). * Mon Nov 12 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.12-8 - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls. - LSPP fixes (cupsdSetString/ClearString). * Wed Nov 7 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.12-7 - Applied patch to fix CVE-2007-4045 (bug #250161). - Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101). * Thu Nov 1 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.12-6 - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661). * Wed Oct 10 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.12-5 - Use ppdev for parallel port Device ID retrieval (bug #311671). * Thu Aug 9 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.12-4 - Applied patch to fix CVE-2007-3387 (bug #251518). * Tue Jul 31 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.12-3 - Better buildroot tag. - Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522). * Mon Jul 23 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.12-2 - Use kernel support for USB paper-out detection, when available (bug #249213). * Fri Jul 13 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.12-1 - 1.2.12. No longer need adminutil or str2408 patches. * Wed Jul 4 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.11-3 - Better paper-out detection patch still (bug #246222). * Fri Jun 29 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.11-2 - Applied patch to fix group handling in PPDs (bug #186231, STR #2408). * Wed Jun 27 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.11-1 - Fixed permissions on classes.conf in the file manifest (bug #245748). - 1.2.11. * Tue Jun 12 2007 Tim Waugh <twaugh@redhat.com> - Make the initscript use start priority 56 (bug #213828). * Mon Jun 11 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.10-12 - Better paper-out detection patch (bug #241589). * Mon May 21 2007 Tim Waugh <twaugh@redhat.com> 1:1.2.10-11 - Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057). -------------------------------------------------------------------------------- References: [ 1 ] Bug #433758 - CVE-2008-0882 cups: double free vulnerability in process_browse_data() https://bugzilla.redhat.com/show_bug.cgi?id=433758 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update cups' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...