[SECURITY] Fedora 8 Update: cups-1.3.4-2.fc8

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 8 06:03:28 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2982
2007-11-08 06:03:22.808613
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 8
Version     : 1.3.4
Release     : 2.fc8
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

This update fixes a remote code execution vulnerability in the IPP handling part of the CUPS scheduler, as well as several PDF handling security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  7 2007 Tim Waugh <twaugh at redhat.com> 1:1.3.4-2
- Applied patch to fix CVE-2007-4045 (bug #250161).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
  CVE-2007-5393 (bug #345101).
* Thu Nov  1 2007 Tim Waugh <twaugh at redhat.com> 1:1.3.4-1
- 1.3.4 (bug #362971).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #362971 - CVE-2007-4351 cups boundary error [F8]
        https://bugzilla.redhat.com/show_bug.cgi?id=362971
  [ 2 ] Bug #345091 - CVE-2007-4351 cups boundary error
        https://bugzilla.redhat.com/show_bug.cgi?id=345091
  [ 3 ] Bug #345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
        https://bugzilla.redhat.com/show_bug.cgi?id=345101
  [ 4 ] Bug #250161 - CVE-2007-4045 Incomplete fix for CVE-2007-0720 CUPS denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=250161
  [ 5 ] CVE-2007-4351
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351
  [ 6 ] CVE-2007-4045
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045
  [ 7 ] CVE-2007-4352
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
  [ 8 ] CVE-2007-5392
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
  [ 9 ] CVE-2007-5393
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
--------------------------------------------------------------------------------
Updated packages:

28d4d82b9a40e8c248ddeeb2a5161644932b0287 cups-lpd-1.3.4-2.fc8.ppc64.rpm
d71ea0fd85ae077f9a9d1a82781bdcd9828480d9 cups-1.3.4-2.fc8.ppc64.rpm
c0035414e97a3ffc745fbacecc59a829c8efb8bd cups-libs-1.3.4-2.fc8.ppc64.rpm
456e4c54ac3c902d32dd3b4eb2059ac867e04ad8 cups-devel-1.3.4-2.fc8.ppc64.rpm
af4987bf57763d4a135737d795d87c21bb7f31d3 cups-debuginfo-1.3.4-2.fc8.ppc64.rpm
3b77fd98a606712a2df3748e7756ee3737d295db cups-libs-1.3.4-2.fc8.i386.rpm
95b5db10adcacd9cb63b8ee74dc04a3c47ffcfd0 cups-debuginfo-1.3.4-2.fc8.i386.rpm
fc588e0677698b946e0523654aa8e18807c2f0b4 cups-lpd-1.3.4-2.fc8.i386.rpm
c7f9e99e30785aba7d0d732a56c42782e8162186 cups-1.3.4-2.fc8.i386.rpm
d30a21de63f1c7d7e670cb983fd74a10d7ae5e74 cups-devel-1.3.4-2.fc8.i386.rpm
76734e22a918ae6052f25e87a964f0000b916a79 cups-debuginfo-1.3.4-2.fc8.x86_64.rpm
191ae04aa9fade079275c210eed48c29b22c5d73 cups-libs-1.3.4-2.fc8.x86_64.rpm
25cbe8f49f16cb8d45a251858d39c5622db84615 cups-1.3.4-2.fc8.x86_64.rpm
a0c48b992ebbd8115a7a2a502f922d217892eb07 cups-devel-1.3.4-2.fc8.x86_64.rpm
16a87bfd305352824bdcd27c1771fc394eea4a38 cups-lpd-1.3.4-2.fc8.x86_64.rpm
8f7e94ca2ff5142599434fd3552d95038c67f392 cups-libs-1.3.4-2.fc8.ppc.rpm
7d98b205dfef8b4cb7327e2ed15feed2ab3a302d cups-devel-1.3.4-2.fc8.ppc.rpm
5371df4f75b8625bf19de4b4c07a289614273dcb cups-1.3.4-2.fc8.ppc.rpm
1f32d87df6670b2a779afec2bfe8b842b6346fc2 cups-lpd-1.3.4-2.fc8.ppc.rpm
38145dadc5ebef5afe0e72f001d586d52c474437 cups-debuginfo-1.3.4-2.fc8.ppc.rpm
f28a1d7b4a3308ed185be8f914bfaf1231324a72 cups-1.3.4-2.fc8.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list