——————————————————————————–
Fedora Update Notification
FEDORA-2014-9703
2014-08-23 01:13:57
——————————————————————————–

Name : cups
Product : Fedora 19
Version : 1.6.4
Release : 10.fc19
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

——————————————————————————–
Update Information:

Upstream patches have been applied to prevent long-running Get-Jobs operations preventing other requests from being handled, and to fix the order of completed jobs in Get-Jobs responses.
This update fixes a security flaw potentially leading to a disclosure of information.
——————————————————————————–
ChangeLog:

* Tue Aug 26 2014 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-10
– Use upstream patch for STR #4461.
* Thu Aug 21 2014 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-9
– Upstream patch for STR #4396, pre-requisite for STR #2913 patch.
– Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs
(bug #421671).
* Mon Aug 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-8
– Fix conf/log file reading for authenticated users (STR #4461).
* Wed Jul 23 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.6.4-7
– CVE-2014-5029, CVE-2014-5030, CVE-2014-5031 (#1122601)
* Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.6.4-6
– CVE-2014-3537 (#1119303)
* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.6.4-5
– Scheduler now blocks URLs containing embedded HTML (bug #1087123, STR #4356).
* Tue Mar 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-4
– Track local default in cupsEnumDests() (STR #4332).
– Prevent feedback loop when fetching error_log over HTTP (STR #4366).
– Fix for cupsEnumDest() ‘removed’ callbacks (bug #1054312, STR #4380).
– Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
– Use ‘-f’ when using rm in %setup section.
– Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-3
– Avoid stale lockfile in dbus notifier (bug #1026949).
* Fri Sep 27 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-2
– Reverted upstream change to FINAL_CONTENT_TYPE in order to fix
printing to remote CUPS servers (bug #1010580).
* Wed Sep 25 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.4-1
– 1.6.4.
* Wed Aug 21 2013 Jaromír Končický <jkoncick@redhat.com> – 1:1.6.3-8
– Add SyncOnClose option (bug #984883).
* Fri Aug 16 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-7
– Increase web interface get-devices timeout to 10s (bug #996664).
* Thu Aug 15 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-6
– Build with full read-only relocations (bug #996740).
* Tue Aug 6 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-5
– Fixes for jobs with multiple files and multiple formats.
* Wed Jul 24 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-4
– Fixed cups-config, broken by last change (bug #987660).
* Mon Jul 22 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-3
– Removed stale comment in spec file.
– Link against OpenSSL instead of GnuTLS.
* Thu Jul 18 2013 Tim Waugh <twaugh@redhat.com> – 1:1.6.3-2
– Fixed downoad URL to point to the actual source, not a download
page.
* Fri Jul 12 2013 Jiri Popelka <jpopelka@redhat.com> – 1:1.6.3-1
– 1.6.3
* Thu Jul 11 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-18
– Avoid sign-extending CRCs for gz decompression (bug #983486).
* Wed Jul 10 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-17
– Fixed download URL.
* Wed Jul 10 2013 Jiri Popelka <jpopelka@redhat.com> – 1:1.6.2-16
– Remove pstops cost factor tweak from conf/mime.convs.in
* Mon Jul 1 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-15
– Don’t use D-Bus from two threads (bug #979748).
* Fri Jun 28 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-14
– Fix for DNSSD name resolution.
* Wed Jun 26 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-13
– Don’t link against libgcrypt needlessly.
* Wed Jun 26 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-12
– Default to IPP/1.1 for now (bug #977813).
* Tue Jun 25 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-11
– Added usblp quirk for Canon PIXMA MP540 (bug #967873).
* Tue Jun 18 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-10
– Added IEEE 1284 Device ID for a Dymo device (bug #747866).
——————————————————————————–
References:

[ 1 ] Bug #1115576 – CVE-2014-3537 cups: insufficient checking leads to privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1115576
[ 2 ] Bug #1122600 – CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537
https://bugzilla.redhat.com/show_bug.cgi?id=1122600
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update cups’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce