
Vulnerability in the cups software package

  • OS details: FED
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2015-2152
2015-02-17 04:44:49
——————————————————————————–

Name : cups
Product : Fedora 20
Version : 1.7.5
Release : 12.fc20
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

——————————————————————————–
Update Information:

This update fixes CVE-2014-9679, a buffer overflow when handling CUPS Raster format.
——————————————————————————–
ChangeLog:

* Mon Feb 16 2015 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-12
– Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
buffer overflow (STR #4551, bug #1191591).
* Wed Oct 22 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-11
– Upstream fix for cupsd crash on restart when colord not available
(STR #4496).
* Sat Oct 18 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-9
– Fix for last fix (bug #1153660, bug #1154284).
* Thu Oct 16 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-8
– Start cups.service after network.target (bug #1153660).
* Wed Oct 15 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-7
– Fix cupsGetPPD3() so it doesn’t give the caller an unreadable file
(bug #1150917, STR #4500).
– Can no longer reproduce bug #1010580 so removing final-content-type
patch as it causes issues for some backends (bug #1149244).
* Mon Sep 1 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-6
– Fix icon display in web interface during server restart (STR #4475).
* Mon Sep 1 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-5
– More STR #4461 fixes from upstream.
* Tue Aug 26 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-4
– Use upstream patch for STR #4461.
* Wed Aug 20 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-3
– Upstream patch for STR #4396, pre-requisite for STR #2913 patch.
– Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs
(bug #421671).
* Mon Aug 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-2
– Fix conf/log file reading for authenticated users (STR #4461).
* Fri Aug 1 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.5-1
– 1.7.5
* Wed Jul 23 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.4-3
– CVE-2014-5029, CVE-2014-5030, CVE-2014-5031 (#1122601)
* Wed Jul 23 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.4-2
– Fix CGI handling (STR #4454).
* Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.4-1
– 1.7.4: CVE-2014-3537
* Wed May 28 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.3-1
– 1.7.3
– str4386.patch merged upstream in STR #4403
* Fri May 9 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.2-2
– Another attempt at avoiding race condition when sending IPP requests
(STR #4386, bug #1072952).
* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.2-1
– 1.7.2
* Thu Apr 3 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-9
– libcups: avoid race condition when sending IPP requests (STR #4386,
bug #1072952).
* Tue Mar 18 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-8
– Removed patch for STR #4386 as it does not work and causes problems
instead (bug #1077239).
* Mon Mar 10 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-7
– BuildRequires: pkgconfig(foo) instead of foo-devel
* Thu Mar 6 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-6
– Track local default in cupsEnumDests() (STR #4332).
– libcups: avoid race condition when sending IPP requests (STR #4386).
– Prevent feedback loop when fetching error_log over HTTP (STR #4366).
* Wed Mar 5 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-5
– Fix for cupsEnumDest() ‘removed’ callbacks (bug #1054312, STR #4380).
* Mon Feb 17 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-4
– Document ‘journal’ logging target.
* Tue Feb 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-3
– Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
* Mon Feb 3 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-2
– move macros.cups from /etc/rpm/ to /usr/lib/rpm/macros.d
* Wed Jan 8 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-1
– 1.7.1
* Wed Jan 8 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-11
– Apply upstream patch to improve cupsUser() (STR #4327).
* Tue Jan 7 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-10
– Removed cups-dbus-utf8.patch as no longer needed (see STR #4314).
– Return jobs in rank order when handling IPP-Get-Jobs (STR #4326).
* Thu Jan 2 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-9
– dbus notifier: call _exit when handling SIGTERM (STR #4314).
– Use ‘-f’ when using rm in %setup section.
– Fixed avahi-no-threaded patch so it removes a call to
avahi_threaded_poll_stop() (bug #1044602).
* Fri Dec 13 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-8
– Use string literal for format string in sd_journal_print call.
* Thu Nov 28 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-7
– Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-6
– Avoid stale lockfile in dbus notifier (bug #1026949).
* Thu Nov 7 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-5
– Use upstream patch for stringpool corruption issue (bug #974048).
——————————————————————————–
References:

[ 1 ] Bug #1191588 – CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1191588
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-2127
2015-02-17 04:43:42
——————————————————————————–

Name : cups
Product : Fedora 21
Version : 1.7.5
Release : 15.fc21
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

——————————————————————————–
Update Information:

This update fixes CVE-2014-9679, a buffer overflow when handling CUPS Raster format.
——————————————————————————–
ChangeLog:

* Mon Feb 16 2015 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-15
– Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
buffer overflow (STR #4551, bug #1191591).
* Thu Nov 6 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-14
– Fixed some warnings in cups-lspp.patch.
– New systemd journal fields CUPS_DEST and CUPS_PRINTER, as well as
accurate code location fields.
——————————————————————————–
References:

[ 1 ] Bug #1191588 – CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1191588
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
Author: Tomislav Protega
Cert ID: NCERT-REF-2015-02-0017-ADV
CVE: CVE-2014-9679 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CVE-2014-3537
Source ID: FEDORA-2015-2152
Product: cups
Source: http://www.redhat.com