[SECURITY] Fedora 14 Update: cups-1.4.8-2.fc14

updates at fedoraproject.org updates at fedoraproject.org
Fri Sep 9 05:24:48 UTC 2011 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11221
2011-08-19 21:18:04
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 14
Version     : 1.4.8
Release     : 2.fc14
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

This update avoids a GIF reader loop (CVE-2011-2896).
The new upstream release fixes a number of scheduler, driver, and backend issues.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 19 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.8-2
- Avoid GIF reader loop (CVE-2011-2896, STR #3914, bug #727800).
* Tue Jul 26 2011 Jiri Popelka <jpopelka at redhat.com> 1:1.4.8-1
- 1.4.8
* Wed Jul 20 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.7-8
- Don't delete job data files when restarted (STR #3880).
* Fri Jul 15 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.7-7
- Ship an rpm macro for where to put driver executables.
* Wed Jul 13 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.7-6
- Avoid busy loop in cups-polld (bug #720921).
* Thu Jul  7 2011 Jiri Popelka <jpopelka at redhat.com> 1:1.4.7-5
- Fix SNMP supply level crasher (STR #3875, bug #719057).
* Thu Jul  7 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.7-4
- Undo last change which had no effect.  We already remove the .SILENT
  target from the Makefile as part of the build.
* Thu Jul  7 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.7-3
- Make build log verbose enough to include compiler flags used.
* Wed Jun 29 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.7-2
- Tag localization files correctly (bug #716421).
* Tue Jun 28 2011 Jiri Popelka <jpopelka at redhat.com> 1:1.4.7-1
- 1.4.7.
* Thu Mar 10 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.6-7
- LSPP: only warn when unable to get printer context.
* Fri Feb 25 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.6-6
- Fixed build failure due to php_zend_api macro type.
* Fri Feb 25 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.6-5
- Fixed dbus notifier support for job-state-changed.
* Thu Feb 10 2011 Jiri Popelka <jpopelka at redhat.com> 1:1.4.6-4
- Remove testing cups-usb-buffer-size.patch (bug #661814).
* Tue Jan 18 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.6-3
- Don't use --enable-pie configure option as it has been removed and
  is now assumed.  See STR #3691.
* Mon Jan 10 2011 Tim Waugh <twaugh at redhat.com> 1:1.4.6-2
- Use a smaller buffer when writing to USB devices (bug #661814).
- Handle EAI_NONAME when resolving hostnames (bug #617208).
* Fri Jan  7 2011 Jiri Popelka <jpopelka at redhat.com> 1:1.4.6-1
- 1.4.6.
* Wed Dec 22 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.5-4
- Don't crash when job queued for browsed printer that times out
  (bug #660604).
* Mon Dec 13 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.5-3
- Call avc_init() only once to not leak file descriptors (bug #654075).
* Fri Dec  3 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.5-2
- Changed subsystem lock file name in initscript
  so the service is correctly stopped on reboot or halt (bug #659391).
* Fri Nov 12 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.5-1
- 1.4.5.
- No longer need CVE-2010-2941, str3608
* Thu Nov 11 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-11
- Applied patch to fix cupsd memory corruption vulnerability
  (CVE-2010-2941, bug #652161).
- Don't crash when MIME database could not be loaded (bug #610088).
* Wed Sep 29 2010 jkeating - 1:1.4.4-10.1
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #727800 - CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=727800
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list