-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-3449 2008-05-09 22:14:45 --------------------------------------------------------------------------------
Name : cups Product : Fedora 7 Version : 1.2.12 Release : 11.fc7 URL : http://www.cups.org/ Summary : Common Unix Printing System Description : The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.
-------------------------------------------------------------------------------- ChangeLog:
* Fri May 9 2008 Tim Waugh twaugh@redhat.com 1:1.2.12-11 - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). * Tue Apr 1 2008 Tim Waugh twaugh@redhat.com 1:1.2.12-10 - Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303). - Applied patch to fix CVE-2008-0053 (HP-GL/2 input processing, bug #438117). - Applied patch to prevent heap-based buffer overflow in CUPS helper program (bug #436153, CVE-2008-0047, STR #2729). * Fri Feb 22 2008 Tim Waugh twaugh@redhat.com 1:1.2.12-9 - Prevent double-free when a browsed class has the same name as a printer or vice versa (CVE-2008-0882, bug #433758, STR #2656). * Mon Nov 12 2007 Tim Waugh twaugh@redhat.com 1:1.2.12-8 - Fixed CVE-2007-4045 patch; has no effect with shipped packages since they are linked with gnutls. - LSPP fixes (cupsdSetString/ClearString). * Wed Nov 7 2007 Tim Waugh twaugh@redhat.com 1:1.2.12-7 - Applied patch to fix CVE-2007-4045 (bug #250161). - Applied patch to fix CVE-2007-4352, CVE-2007-5392 and CVE-2007-5393 (bug #345101). * Thu Nov 1 2007 Tim Waugh twaugh@redhat.com 1:1.2.12-6 - Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661). * Wed Oct 10 2007 Tim Waugh twaugh@redhat.com 1:1.2.12-5 - Use ppdev for parallel port Device ID retrieval (bug #311671). * Thu Aug 9 2007 Tim Waugh twaugh@redhat.com 1:1.2.12-4 - Applied patch to fix CVE-2007-3387 (bug #251518). * Tue Jul 31 2007 Tim Waugh twaugh@redhat.com 1:1.2.12-3 - Better buildroot tag. - Moved LSPP access check and security attributes check in add_job() to before allocation of the job structure (bug #231522). * Mon Jul 23 2007 Tim Waugh twaugh@redhat.com 1:1.2.12-2 - Use kernel support for USB paper-out detection, when available (bug #249213). * Fri Jul 13 2007 Tim Waugh twaugh@redhat.com 1:1.2.12-1 - 1.2.12. No longer need adminutil or str2408 patches. * Wed Jul 4 2007 Tim Waugh twaugh@redhat.com 1:1.2.11-3 - Better paper-out detection patch still (bug #246222). * Fri Jun 29 2007 Tim Waugh twaugh@redhat.com 1:1.2.11-2 - Applied patch to fix group handling in PPDs (bug #186231, STR #2408). * Wed Jun 27 2007 Tim Waugh twaugh@redhat.com 1:1.2.11-1 - Fixed permissions on classes.conf in the file manifest (bug #245748). - 1.2.11. * Tue Jun 12 2007 Tim Waugh twaugh@redhat.com - Make the initscript use start priority 56 (bug #213828). * Mon Jun 11 2007 Tim Waugh twaugh@redhat.com 1:1.2.10-12 - Better paper-out detection patch (bug #241589). * Mon May 21 2007 Tim Waugh twaugh@redhat.com 1:1.2.10-11 - Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #441692 - CVE-2008-1722 cups: integer overflow in the image filter https://bugzilla.redhat.com/show_bug.cgi?id=441692 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update cups' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys --------------------------------------------------------------------------------