[SECURITY] Fedora 13 Update: cups-1.4.4-11.fc13

updates at fedoraproject.org updates at fedoraproject.org
Mon Nov 22 22:19:35 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17615
2010-11-11 21:40:03
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 13
Version     : 1.4.4
Release     : 11.fc13
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

This update fixes a cupsd memory corruption vulnerability (CVE-2010-2941), as well as fixing a crash when the MIME database cannot be loaded for any reason.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 11 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-11
- Applied patch to fix cupsd memory corruption vulnerability
  (CVE-2010-2941, bug #652161).
- Don't crash when MIME database could not be loaded (bug #610088).
* Fri Sep 17 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-10
- Perform locking for gnutls and avoid libgcrypt's broken
  locking (bug #607159).
- Build with --enable-threads again (bug #607159).
- Force the use of gnutls despite thread-safety concerns (bug #607159).
* Wed Sep 15 2010 Tim Waugh <twaugh at redhat.com>
- Fixed serverbin-compat patch to avoid misleading "filter not
  available" messages (bug #633779).
* Mon Aug 23 2010 Tim Waugh <twaugh at redhat.com>
- Fixed SNMP quirks parsing.
* Fri Aug 20 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-9
- Use better upstream fix for STR #3608 (bug #606909).
* Fri Aug 13 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-8
- Specify udevadm trigger action in initscript (bug #623959).
* Tue Aug  3 2010 Tim Waugh <twaugh at redhat.com>
- Merged F-12 change:
  - Use numeric addresses for interfaces unless HostNameLookups are
    turned on (bug #583054).
* Tue Jul 13 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.4-7
- Added restartlog to initscript usage output (bug #612996).
* Mon Jul 12 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.4-6
- Moved LICENSE.txt to libs sub-package.
* Mon Jun 28 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-5
- Avoid empty notify-subscribed-event attributes (bug #606909,
  STR #3608).
* Thu Jun 24 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-4
- Use gnutls again but disable threading (bug #607159).
* Tue Jun 22 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-3
- Rebuilt to keep correct package n-v-r ordering between releases.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-2
- Re-enabled SSL support by using OpenSSL instead of gnutls.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-1
- 1.4.4.  Fixes several security vulnerabilities (bug #605399):
  CVE-2010-0540, CVE-2010-0542, CVE-2010-1748.  No longer need str3503,
  str3399, str3505, str3541, str3425p2 or CVE-2010-0302 patches.
* Thu Jun 10 2010 Tim Waugh <twaugh at redhat.com>
- Removed unapplied gnutls-gcrypt-threads patch.  Fixed typos in
  descriptions for lpd and php sub-packages.
* Wed Jun  9 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-11
- Use upstream method of handling SNMP quirks in PPDs (STR #3551,
  bug #581825).
* Tue Jun  1 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.3-10
- Added back still useful str3425.patch.
  Second part of STR #3425 is still not fixed in 1.4.3
* Tue May 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-9
- Adjust texttops output to be in natural orientation (STR #3563).
  This fixes page-label orientation when texttops is used in the
  filter chain (bug #572338).
* Thu May 13 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-8
- Fixed Ricoh Device ID OID (STR #3552).
* Tue May 11 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-7
- Add an SNMP query for Ricoh's device ID OID (STR #3552).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #624438 - CVE-2010-2941 cups: cupsd memory corruption vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=624438
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list