
Security vulnerability in the cups software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-4384
2014-03-27 03:54:47
——————————————————————————–

Name : cups
Product : Fedora 19
Version : 1.6.4
Release : 5.fc19
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

——————————————————————————–
Update Information:

This update fixes a possible cross-site scripting issue in the CUPS web interface and includes some bug fixes from Fedora 20.
——————————————————————————–
ChangeLog:

* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.6.4-5
– Scheduler now blocks URLs containing embedded HTML (bug #1087123, STR #4356).
* Tue Mar 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-4
– Track local default in cupsEnumDests() (STR #4332).
– Prevent feedback loop when fetching error_log over HTTP (STR #4366).
– Fix for cupsEnumDest() ‘removed’ callbacks (bug #1054312, STR #4380).
– Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
– Use ‘-f’ when using rm in %setup section.
– Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-3
– Avoid stale lockfile in dbus notifier (bug #1026949).
* Fri Sep 27 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-2
– Reverted upstream change to FINAL_CONTENT_TYPE in order to fix
printing to remote CUPS servers (bug #1010580).
* Wed Sep 25 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-1
– 1.6.4.
* Wed Aug 21 2013 Jaromír Končický <jkoncick@redhat.com> – 1:1.6.3-8
– Add SyncOnClose option (bug #984883).
* Fri Aug 16 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-7
– Increase web interface get-devices timeout to 10s (bug #996664).
* Thu Aug 15 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-6
– Build with full read-only relocations (bug #996740).
* Tue Aug 6 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-5
– Fixes for jobs with multiple files and multiple formats.
* Wed Jul 24 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-4
– Fixed cups-config, broken by last change (bug #987660).
* Mon Jul 22 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-3
– Removed stale comment in spec file.
– Link against OpenSSL instead of GnuTLS.
* Thu Jul 18 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-2
– Fixed download URL to point to the actual source, not a download
page.
* Fri Jul 12 2013 Jiri Popelka <jpopelka@redhat.com> – 1:1.6.3-1
– 1.6.3
* Thu Jul 11 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-18
– Avoid sign-extending CRCs for gz decompression (bug #983486).
* Wed Jul 10 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-17
– Fixed download URL.
* Wed Jul 10 2013 Jiri Popelka <jpopelka@redhat.com> – 1:1.6.2-16
– Remove pstops cost factor tweak from conf/mime.convs.in
* Mon Jul 1 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-15
– Don’t use D-Bus from two threads (bug #979748).
* Fri Jun 28 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-14
– Fix for DNSSD name resolution.
* Wed Jun 26 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-13
– Don’t link against libgcrypt needlessly.
* Wed Jun 26 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-12
– Default to IPP/1.1 for now (bug #977813).
* Tue Jun 25 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-11
– Added usblp quirk for Canon PIXMA MP540 (bug #967873).
* Tue Jun 18 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-10
– Added IEEE 1284 Device ID for a Dymo device (bug #747866).
——————————————————————————–
References:

[ 1 ] Bug #1087122 – CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release
https://bugzilla.redhat.com/show_bug.cgi?id=1087122
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-5079
2014-04-15 12:11:46
——————————————————————————–

Name : cups
Product : Fedora 20
Version : 1.7.2
Release : 1.fc20
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

——————————————————————————–
Update Information:

Upstream bug-fix release which, among other things, fixes a possible cross-site scripting issue in the CUPS web interface.

* https://cups.org/blog.php?L717
——————————————————————————–
ChangeLog:

* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.2-1
– 1.7.2
* Thu Apr 3 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-9
– libcups: avoid race condition when sending IPP requests (STR #4386,
bug #1072952).
* Tue Mar 18 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-8
– Removed patch for STR #4386 as it does not work and causes problems
instead (bug #1077239).
* Mon Mar 10 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-7
– BuildRequires: pkgconfig(foo) instead of foo-devel
* Thu Mar 6 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-6
– Track local default in cupsEnumDests() (STR #4332).
– libcups: avoid race condition when sending IPP requests (STR #4386).
– Prevent feedback loop when fetching error_log over HTTP (STR #4366).
* Wed Mar 5 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-5
– Fix for cupsEnumDest() ‘removed’ callbacks (bug #1054312, STR #4380).
* Mon Feb 17 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-4
– Document ‘journal’ logging target.
* Tue Feb 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-3
– Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
* Mon Feb 3 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-2
– move macros.cups from /etc/rpm/ to /usr/lib/rpm/macros.d
* Wed Jan 8 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-1
– 1.7.1
* Wed Jan 8 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-11
– Apply upstream patch to improve cupsUser() (STR #4327).
* Tue Jan 7 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-10
– Removed cups-dbus-utf8.patch as no longer needed (see STR #4314).
– Return jobs in rank order when handling IPP-Get-Jobs (STR #4326).
* Thu Jan 2 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-9
– dbus notifier: call _exit when handling SIGTERM (STR #4314).
– Use ‘-f’ when using rm in %setup section.
– Fixed avahi-no-threaded patch so it removes a call to
avahi_threaded_poll_stop() (bug #1044602).
* Fri Dec 13 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-8
– Use string literal for format string in sd_journal_print call.
* Thu Nov 28 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-7
– Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-6
– Avoid stale lockfile in dbus notifier (bug #1026949).
* Thu Nov 7 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-5
– Use upstream patch for stringpool corruption issue (bug #974048).
——————————————————————————–
References:

[ 1 ] Bug #1087122 – CVE-2014-2856 cups: cross-site scripting flaw fixed in the 1.7.2 release
https://bugzilla.redhat.com/show_bug.cgi?id=1087122
——————————————————————————–

Author: Marko Stanec
CERT ID: NCERT-REF-2014-04-0008-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/