[SECURITY] Fedora 13 Update: cups-1.4.4-5.fc13
updates at fedoraproject.org
Thu Jul 1 18:44:56 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-10388
2010-06-25 17:05:18
--------------------------------------------------------------------------------
Name : cups
Product : Fedora 13
Version : 1.4.4
Release : 5.fc13
URL : http://www.cups.org/
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
--------------------------------------------------------------------------------
Update Information:
New upstream release fixing several security issues: CVE-2010-0540,
CVE-2010-0542, CVE-2010-1748.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 28 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-5
- Avoid empty notify-subscribed-event attributes (bug #606909,
STR #3608).
* Thu Jun 24 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-4
- Use gnutls again but disable threading (bug #607159).
* Tue Jun 22 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-3
- Rebuilt to keep correct package n-v-r ordering between releases.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-2
- Re-enabled SSL support by using OpenSSL instead of gnutls.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-1
- 1.4.4. Fixes several security vulnerabilities (bug #605399):
CVE-2010-0540, CVE-2010-0542, CVE-2010-1748. No longer need str3503,
str3399, str3505, str3541, str3425p2 or CVE-2010-0302 patches.
* Thu Jun 10 2010 Tim Waugh <twaugh at redhat.com>
- Removed unapplied gnutls-gcrypt-threads patch. Fixed typos in
descriptions for lpd and php sub-packages.
* Wed Jun 9 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-11
- Use upstream method of handling SNMP quirks in PPDs (STR #3551,
bug #581825).
* Tue Jun 1 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.3-10
- Added back still useful str3425.patch.
Second part of STR #3425 is still not fixed in 1.4.3
* Tue May 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-9
- Adjust texttops output to be in natural orientation (STR #3563).
This fixes page-label orientation when texttops is used in the
filter chain (bug #572338).
* Thu May 13 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-8
- Fixed Ricoh Device ID OID (STR #3552).
* Tue May 11 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-7
- Add an SNMP query for Ricoh's device ID OID (STR #3552).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #591983 - CVE-2010-1748 cups: web interface memory disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=591983
[ 2 ] Bug #605397 - cups: latent privilege escalation vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=605397
[ 3 ] Bug #587746 - CVE-2010-0542 CUPS: texttops unchecked memory allocation failure leading to NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=587746
[ 4 ] Bug #588805 - CVE-2010-0540 CUPS administrator web interface CSRF
https://bugzilla.redhat.com/show_bug.cgi?id=588805
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------