[SECURITY] Fedora 13 Update: cups-1.4.4-11.fc13
updates at fedoraproject.org
updates at fedoraproject.org
Mon Nov 22 22:19:35 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17615
2010-11-11 21:40:03
--------------------------------------------------------------------------------
Name : cups
Product : Fedora 13
Version : 1.4.4
Release : 11.fc13
URL : http://www.cups.org/
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
--------------------------------------------------------------------------------
Update Information:
This update fixes a cupsd memory corruption vulnerability (CVE-2010-2941), as well as fixing a crash when the MIME database cannot be loaded for any reason.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 11 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-11
- Applied patch to fix cupsd memory corruption vulnerability
(CVE-2010-2941, bug #652161).
- Don't crash when MIME database could not be loaded (bug #610088).
* Fri Sep 17 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-10
- Perform locking for gnutls and avoid libgcrypt's broken
locking (bug #607159).
- Build with --enable-threads again (bug #607159).
- Force the use of gnutls despite thread-safety concerns (bug #607159).
* Wed Sep 15 2010 Tim Waugh <twaugh at redhat.com>
- Fixed serverbin-compat patch to avoid misleading "filter not
available" messages (bug #633779).
* Mon Aug 23 2010 Tim Waugh <twaugh at redhat.com>
- Fixed SNMP quirks parsing.
* Fri Aug 20 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-9
- Use better upstream fix for STR #3608 (bug #606909).
* Fri Aug 13 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-8
- Specify udevadm trigger action in initscript (bug #623959).
* Tue Aug 3 2010 Tim Waugh <twaugh at redhat.com>
- Merged F-12 change:
- Use numeric addresses for interfaces unless HostNameLookups are
turned on (bug #583054).
* Tue Jul 13 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.4-7
- Added restartlog to initscript usage output (bug #612996).
* Mon Jul 12 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.4-6
- Moved LICENSE.txt to libs sub-package.
* Mon Jun 28 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-5
- Avoid empty notify-subscribed-event attributes (bug #606909,
STR #3608).
* Thu Jun 24 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-4
- Use gnutls again but disable threading (bug #607159).
* Tue Jun 22 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-3
- Rebuilt to keep correct package n-v-r ordering between releases.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-2
- Re-enabled SSL support by using OpenSSL instead of gnutls.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-1
- 1.4.4. Fixes several security vulnerabilities (bug #605399):
CVE-2010-0540, CVE-2010-0542, CVE-2010-1748. No longer need str3503,
str3399, str3505, str3541, str3425p2 or CVE-2010-0302 patches.
* Thu Jun 10 2010 Tim Waugh <twaugh at redhat.com>
- Removed unapplied gnutls-gcrypt-threads patch. Fixed typos in
descriptions for lpd and php sub-packages.
* Wed Jun 9 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-11
- Use upstream method of handling SNMP quirks in PPDs (STR #3551,
bug #581825).
* Tue Jun 1 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.3-10
- Added back still useful str3425.patch.
Second part of STR #3425 is still not fixed in 1.4.3
* Tue May 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-9
- Adjust texttops output to be in natural orientation (STR #3563).
This fixes page-label orientation when texttops is used in the
filter chain (bug #572338).
* Thu May 13 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-8
- Fixed Ricoh Device ID OID (STR #3552).
* Tue May 11 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-7
- Add an SNMP query for Ricoh's device ID OID (STR #3552).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #624438 - CVE-2010-2941 cups: cupsd memory corruption vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=624438
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list