[SECURITY] Fedora 12 Update: cups-1.4.2-7.fc12

updates at fedoraproject.org
Tue Dec 1 04:34:10 UTC 2009


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11314
2009-11-11 14:14:44
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 12
Version     : 1.4.2
Release     : 7.fc12
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

New release, including fix for XSS vulnerability in web interface
(CVE-2009-2820) and for improper reference counting in abstract file descriptors
handling interface (CVE-2009-3553).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 19 2009 Tim Waugh <twaugh at redhat.com> 1:1.4.2-7
- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).
* Tue Nov 17 2009 Tim Waugh <twaugh at redhat.com> 1:1.4.2-6
- Fixed display of current driver (bug #537182, STR #3418).
- Fixed out-of-memory handling when loading jobs (bug #538054,
  STR #3407).
* Mon Nov 16 2009 Tim Waugh <twaugh at redhat.com> 1:1.4.2-5
- Fixed typo in admin web template (bug #537884, STR #3403).
- Reset SIGPIPE handler for child processes (bug #537886, STR #3399).
* Mon Nov 16 2009 Tim Waugh <twaugh at redhat.com> 1:1.4.2-4
- Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381).
* Wed Nov 11 2009 Jiri Popelka <jpopelka at redhat.com> 1:1.4.2-3
- Fixed lspp-patch to avoid memory leak (bug #536741).
* Tue Nov 10 2009 Tim Waugh <twaugh at redhat.com> 1:1.4.2-2
- Added explicit version dependency on cups-libs to cups-lpd
  (bug #502205).
* Tue Nov 10 2009 Tim Waugh <twaugh at redhat.com> 1:1.4.2-1
- 1.4.2.  No longer need str3380, str3332, str3356, str3396 patches.
- Removed postscript.ppd.gz (bug #533371).
- Renumbered patches and sources.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #529833 - CVE-2009-2820 cups: Several XSS flaws in forms processed by CUPS web interface
        https://bugzilla.redhat.com/show_bug.cgi?id=529833
  [ 2 ] Bug #530111 - CVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
        https://bugzilla.redhat.com/show_bug.cgi?id=530111
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------