--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11314
2009-11-11 14:14:44
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 12
Version     : 1.4.2
Release     : 7.fc12
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

New release, including fix for XSS vulnerability in web interface
(CVE-2009-2820) and for improper reference counting in abstract file
descriptors handling interface (CVE-2009-3553).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 19 2009 Tim Waugh twaugh@redhat.com 1:1.4.2-7
- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).
* Tue Nov 17 2009 Tim Waugh twaugh@redhat.com 1:1.4.2-6
- Fixed display of current driver (bug #537182, STR #3418).
- Fixed out-of-memory handling when loading jobs (bug #538054, STR #3407).
* Mon Nov 16 2009 Tim Waugh twaugh@redhat.com 1:1.4.2-5
- Fixed typo in admin web template (bug #537884, STR #3403).
- Reset SIGPIPE handler for child processes (bug #537886, STR #3399).
* Mon Nov 16 2009 Tim Waugh twaugh@redhat.com 1:1.4.2-4
- Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381).
* Wed Nov 11 2009 Jiri Popelka jpopelka@redhat.com 1:1.4.2-3
- Fixed lspp-patch to avoid memory leak (bug #536741).
* Tue Nov 10 2009 Tim Waugh twaugh@redhat.com 1:1.4.2-2
- Added explicit version dependency on cups-libs to cups-lpd (bug #502205).
* Tue Nov 10 2009 Tim Waugh twaugh@redhat.com 1:1.4.2-1
- 1.4.2. No longer need str3380, str3332, str3356, str3396 patches.
- Removed postscript.ppd.gz (bug #533371).
- Renumbered patches and sources.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #529833 - CVE-2009-2820 cups: Several XSS flaws in forms processed by CUPS web interface
        https://bugzilla.redhat.com/show_bug.cgi?id=529833
  [ 2 ] Bug #530111 - CVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
        https://bugzilla.redhat.com/show_bug.cgi?id=530111
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update cups' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------