[SECURITY] Fedora 20 Update: cups-1.7.5-12.fc20

updates at fedoraproject.org
Fri Feb 20 08:33:22 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-2152
2015-02-17 04:44:49
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 20
Version     : 1.7.5
Release     : 12.fc20
URL         : http://www.cups.org/
Summary     : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2014-9679, a buffer overflow when handling CUPS Raster format.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 16 2015 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-12
- Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
  buffer overflow (STR #4551, bug #1191591).
* Wed Oct 22 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-11
- Upstream fix for cupsd crash on restart when colord not available
  (STR #4496).
* Sat Oct 18 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-9
- Fix for last fix (bug #1153660, bug #1154284).
* Thu Oct 16 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-8
- Start cups.service after network.target (bug #1153660).
* Wed Oct 15 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-7
- Fix cupsGetPPD3() so it doesn't give the caller an unreadable file
  (bug #1150917, STR #4500).
- Can no longer reproduce bug #1010580 so removing final-content-type
  patch as it causes issues for some backends (bug #1149244).
* Mon Sep  1 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-6
- Fix icon display in web interface during server restart (STR #4475).
* Mon Sep  1 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-5
- More STR #4461 fixes from upstream.
* Tue Aug 26 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-4
- Use upstream patch for STR #4461.
* Wed Aug 20 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-3
- Upstream patch for STR #4396, pre-requisite for STR #2913 patch.
- Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs
  (bug #421671).
* Mon Aug 11 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.5-2
- Fix conf/log file reading for authenticated users (STR #4461).
* Fri Aug  1 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.5-1
- 1.7.5
* Wed Jul 23 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.4-3
- CVE-2014-5029, CVE-2014-5030, CVE-2014-5031 (#1122601)
* Wed Jul 23 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.4-2
- Fix CGI handling (STR #4454).
* Mon Jul 14 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.4-1
- 1.7.4: CVE-2014-3537
* Wed May 28 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.3-1
- 1.7.3
- str4386.patch merged upstream in STR #4403
* Fri May  9 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.2-2
- Another attempt at avoiding race condition when sending IPP requests
  (STR #4386, bug #1072952).
* Mon Apr 14 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.2-1
- 1.7.2
* Thu Apr  3 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.1-9
- libcups: avoid race condition when sending IPP requests (STR #4386,
  bug #1072952).
* Tue Mar 18 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.1-8
- Removed patch for STR #4386 as it does not work and causes problems
  instead (bug #1077239).
* Mon Mar 10 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.1-7
- BuildRequires: pkgconfig(foo) instead of foo-devel
* Thu Mar  6 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.1-6
- Track local default in cupsEnumDests() (STR #4332).
- libcups: avoid race condition when sending IPP requests (STR #4386).
- Prevent feedback loop when fetching error_log over HTTP (STR #4366).
* Wed Mar  5 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.1-5
- Fix for cupsEnumDest() 'removed' callbacks (bug #1054312, STR #4380).
* Mon Feb 17 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.1-4
- Document 'journal' logging target.
* Tue Feb 11 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.1-3
- Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
* Mon Feb  3 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.1-2
- move macros.cups from /etc/rpm/ to /usr/lib/rpm/macros.d
* Wed Jan  8 2014 Jiri Popelka <jpopelka at redhat.com> - 1:1.7.1-1
- 1.7.1
* Wed Jan  8 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.0-11
- Apply upstream patch to improve cupsUser() (STR #4327).
* Tue Jan  7 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.0-10
- Removed cups-dbus-utf8.patch as no longer needed (see STR #4314).
- Return jobs in rank order when handling IPP-Get-Jobs (STR #4326).
* Thu Jan  2 2014 Tim Waugh <twaugh at redhat.com> - 1:1.7.0-9
- dbus notifier: call _exit when handling SIGTERM (STR #4314).
- Use '-f' when using rm in %setup section.
- Fixed avahi-no-threaded patch so it removes a call to
  avahi_threaded_poll_stop() (bug #1044602).
* Fri Dec 13 2013 Tim Waugh <twaugh at redhat.com> - 1:1.7.0-8
- Use string literal for format string in sd_journal_print call.
* Thu Nov 28 2013 Tim Waugh <twaugh at redhat.com> - 1:1.7.0-7
- Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh at redhat.com> - 1:1.7.0-6
- Avoid stale lockfile in dbus notifier (bug #1026949).
* Thu Nov  7 2013 Tim Waugh <twaugh at redhat.com> - 1:1.7.0-5
- Use upstream patch for stringpool corruption issue (bug #974048).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1191588 - CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=1191588
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

