You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa cups

Sigurnosni nedostaci programskog paketa cups

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-8752
2014-07-24 02:41:11
——————————————————————————–

Name : cups
Product : Fedora 20
Version : 1.7.4
Release : 3.fc20
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

——————————————————————————–
Update Information:

This update fixes one security flaw as well as broken CGI script handling.
——————————————————————————–
ChangeLog:

* Wed Jul 23 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.4-3
– CVE-2014-5029, CVE-2014-5030, CVE-2014-5031 (#1122601)
* Wed Jul 23 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.4-2
– Fix CGI handling (STR #4454).
* Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.4-1
– 1.7.4: CVE-2014-3537
* Wed May 28 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.3-1
– 1.7.3
– str4386.patch merged upstream in STR #4403
* Fri May 9 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.2-2
– Another attempt at avoiding race condition when sending IPP requests
(STR #4386, bug #1072952).
* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.2-1
– 1.7.2
* Thu Apr 3 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-9
– libcups: avoid race condition when sending IPP requests (STR #4386,
bug #1072952).
* Tue Mar 18 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-8
– Removed patch for STR #4386 as it does not work and causes problems
instead (bug #1077239).
* Mon Mar 10 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-7
– BuildRequires: pkgconfig(foo) instead of foo-devel
* Thu Mar 6 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-6
– Track local default in cupsEnumDests() (STR #4332).
– libcups: avoid race condition when sending IPP requests (STR #4386).
– Prevent feedback loop when fetching error_log over HTTP (STR #4366).
* Wed Mar 5 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-5
– Fix for cupsEnumDest() ‘removed’ callbacks (bug #1054312, STR #4380).
* Mon Feb 17 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-4
– Document ‘journal’ logging target.
* Tue Feb 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-3
– Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
* Mon Feb 3 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-2
– move macros.cups from /etc/rpm/ to /usr/lib/rpm/macros.d
* Wed Jan 8 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-1
– 1.7.1
* Wed Jan 8 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-11
– Apply upstream patch to improve cupsUser() (STR #4327).
* Tue Jan 7 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-10
– Removed cups-dbus-utf8.patch as no longer needed (see STR #4314).
– Return jobs in rank order when handling IPP-Get-Jobs (STR #4326).
* Thu Jan 2 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-9
– dbus notifier: call _exit when handling SIGTERM (STR #4314).
– Use ‘-f’ when using rm in %setup section.
– Fixed avahi-no-threaded patch so it removes a call to
avahi_threaded_poll_stop() (bug #1044602).
* Fri Dec 13 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-8
– Use string literal for format string in sd_journal_print call.
* Thu Nov 28 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-7
– Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-6
– Avoid stale lockfile in dbus notifier (bug #1026949).
* Thu Nov 7 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-5
– Use upstream patch for stringpool corruption issue (bug #974048).
——————————————————————————–
References:

[ 1 ] Bug #1122600 – CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 cups: Incomplete fix for CVE-2014-3537
https://bugzilla.redhat.com/show_bug.cgi?id=1122600
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update cups’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorMarijo Plepelic
Cert idNCERT-REF-2014-07-0013-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Nadogradnja za firefox i thunderbid

Izdana je nadogradnja za otklanjanje više ranjivosti kod paketa firefox i thunderbird za openSUSE 11.4. Otkrivene ranjivosti mogle su biti...

Close