[SECURITY] Fedora 7 Update: cups-1.2.12-7.fc7

updates at fedoraproject.org updates at fedoraproject.org
Fri Nov 9 23:51:50 UTC 2007 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-3100
2007-11-09 23:51:45.074621
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 7
Version     : 1.2.12
Release     : 7.fc7
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

This update fixes several PDF handling security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  7 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-7
- Applied patch to fix CVE-2007-4045 (bug #250161).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
  CVE-2007-5393 (bug #345101).
* Thu Nov  1 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-6
- Applied patch to fix CVE-2007-4351 (STR #2561, bug #361661).
* Wed Oct 10 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-5
- Use ppdev for parallel port Device ID retrieval (bug #311671).
* Thu Aug  9 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-4
- Applied patch to fix CVE-2007-3387 (bug #251518).
* Tue Jul 31 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-3
- Better buildroot tag.
- Moved LSPP access check and security attributes check in add_job() to
  before allocation of the job structure (bug #231522).
* Mon Jul 23 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-2
- Use kernel support for USB paper-out detection, when available
  (bug #249213).
* Fri Jul 13 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.12-1
- 1.2.12.  No longer need adminutil or str2408 patches.
* Wed Jul  4 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-3
- Better paper-out detection patch still (bug #246222).
* Fri Jun 29 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-2
- Applied patch to fix group handling in PPDs (bug #186231, STR #2408).
* Wed Jun 27 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.11-1
- Fixed permissions on classes.conf in the file manifest (bug #245748).
- 1.2.11.
* Tue Jun 12 2007 Tim Waugh <twaugh at redhat.com>
- Make the initscript use start priority 56 (bug #213828).
* Mon Jun 11 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-12
- Better paper-out detection patch (bug #241589).
* Mon May 21 2007 Tim Waugh <twaugh at redhat.com> 1:1.2.10-11
- Fixed _cupsAdminSetServerSettings() sharing/shared handling (bug #238057).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #345101 - CVE-2007-4352 xpdf memory corruption in DCTStream::readProgressiveDataUnit()
        https://bugzilla.redhat.com/show_bug.cgi?id=345101
  [ 2 ] Bug #250161 - CVE-2007-4045 Incomplete fix for CVE-2007-0720 CUPS denial of service
        https://bugzilla.redhat.com/show_bug.cgi?id=250161
  [ 3 ] CVE-2007-4045
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4045
  [ 4 ] CVE-2007-4352
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
  [ 5 ] CVE-2007-5392
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
  [ 6 ] CVE-2007-5393
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
--------------------------------------------------------------------------------
Updated packages:

e0b6ddf1f64bc55861a4c7e7d8750d3ae4022a22 cups-debuginfo-1.2.12-7.fc7.ppc64.rpm
d5933da4154a0ef82a7976bcf43bea3626926a08 cups-lpd-1.2.12-7.fc7.ppc64.rpm
5e7ae92bcbe2943f4597ec871bf244be170f1840 cups-libs-1.2.12-7.fc7.ppc64.rpm
4943c7f5c8d433a92f32e7cbc82325802f041e5b cups-1.2.12-7.fc7.ppc64.rpm
46a30896d2a82320a6f9166bd4f670367d2a761d cups-devel-1.2.12-7.fc7.ppc64.rpm
71df8ed89025b65ddbf9af50c8419b9abd32664f cups-1.2.12-7.fc7.i386.rpm
f27677c3460e9fe5b558d8bab7f5ef72001c9e14 cups-libs-1.2.12-7.fc7.i386.rpm
0d44cd1e566fea486726710d48b1745d5155cae4 cups-debuginfo-1.2.12-7.fc7.i386.rpm
b911ee6c056ebca7be080d80930e25f6c89a7fda cups-devel-1.2.12-7.fc7.i386.rpm
991b6e3206a689f17ce03136e4ca933f9dafc3e0 cups-lpd-1.2.12-7.fc7.i386.rpm
f0c3ef122f5b396501bf9abac5b913fd7526a34a cups-1.2.12-7.fc7.x86_64.rpm
0864d55d0eab42d4fc0a881e820a3da37b62be33 cups-lpd-1.2.12-7.fc7.x86_64.rpm
d848e4eeb9ee488e8219a26708750637015652b9 cups-devel-1.2.12-7.fc7.x86_64.rpm
504469b9dc56a42241b9aa5f07f3bfc1f7387ba4 cups-debuginfo-1.2.12-7.fc7.x86_64.rpm
0e03a675de4adb8ba4cf57b6e505c3addb7284c6 cups-libs-1.2.12-7.fc7.x86_64.rpm
1ec1eea5b5ab2b65411eab28437ded3626e59e52 cups-debuginfo-1.2.12-7.fc7.ppc.rpm
381bf8abcc9af034f3a93ba55d9954f3e4953b9c cups-libs-1.2.12-7.fc7.ppc.rpm
989139479ede1327c6dc9523169c7ee443b51da2 cups-1.2.12-7.fc7.ppc.rpm
2388a46fe015fa67918ef9af6fbd749da91e6546 cups-devel-1.2.12-7.fc7.ppc.rpm
f08c7c3783948b16ffad6d115a97953280b33211 cups-lpd-1.2.12-7.fc7.ppc.rpm
c0cbea01f2ed07f50f9176b7b04b5a37f3b4af9a cups-1.2.12-7.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------

More information about the package-announce mailing list