[SECURITY] Fedora 20 Update: cups-filters-1.0.53-6.fc20

updates at fedoraproject.org updates at fedoraproject.org
Fri Mar 13 17:16:09 UTC 2015 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-3003
2015-03-04 07:06:53
--------------------------------------------------------------------------------

Name        : cups-filters
Product     : Fedora 20
Version     : 1.0.53
Release     : 6.fc20
URL         : http://www.linuxfoundation.org/collaborate/workgroups/openprinting/cups-filters
Summary     : OpenPrinting CUPS filters and backends
Description :
Contains backends, filters, and other software that was
once part of the core CUPS distribution but is no longer maintained by
Apple Inc. In addition it contains additional filters developed
independently of Apple, especially filters for the PDF-centric printing
workflow introduced by OpenPrinting.

--------------------------------------------------------------------------------
Update Information:

This fixes a security flaw in cups-browsed.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar  2 2015 Jiri Popelka <jpopelka at redhat.com> - 1.0.53-6
cups-browsed: Fixed a security bug in the remove_bad_chars() failing to
               reliably filter out illegal characters. (upstream #1265)
* Fri Jun 13 2014 Tim Waugh <twaugh at redhat.com> - 1.0.53-5
- Really fix execmem issue (bug #1079534).
* Wed Jun 11 2014 Tim Waugh <twaugh at redhat.com> - 1.0.53-4
- Fix build issue (bug #1106101).
* Fri Jun  6 2014 Tim Waugh <twaugh at redhat.com> - 1.0.53-3
- Don't use grep's -P switch in pstopdf as it needs execmem (bug #1079534).
* Fri May  9 2014 Jiri Popelka <jpopelka at redhat.com> - 1.0.53-2
- Return Tim's work-around patch for bug #768811.
* Mon Apr 28 2014 Jiri Popelka <jpopelka at redhat.com> - 1.0.53-1
- 1.0.53
* Wed Apr  2 2014 Jiri Popelka <jpopelka at redhat.com> - 1.0.41-6
- Remote command injection in cups-browsed (bug #1083327).
* Tue Mar 11 2014 Jiri Popelka <jpopelka at redhat.com> - 1.0.41-5
- Don't ship pdftoopvp (#1027557) and urftopdf (#1002947).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199130 - CVE-2015-2265 cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707)
        https://bugzilla.redhat.com/show_bug.cgi?id=1199130
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update cups-filters' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list