[SECURITY] Fedora 13 Update: cups-1.4.4-5.fc13

updates at fedoraproject.org
Thu Jul 1 18:44:56 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-10388
2010-06-25 17:05:18
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 13
Version     : 1.4.4
Release     : 5.fc13
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

New upstream release fixing several security issues: CVE-2010-0540,
CVE-2010-0542, CVE-2010-1748.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 28 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-5
- Avoid empty notify-subscribed-event attributes (bug #606909,
  STR #3608).
* Thu Jun 24 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-4
- Use gnutls again but disable threading (bug #607159).
* Tue Jun 22 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-3
- Rebuilt to keep correct package n-v-r ordering between releases.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-2
- Re-enabled SSL support by using OpenSSL instead of gnutls.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-1
- 1.4.4.  Fixes several security vulnerabilities (bug #605399):
  CVE-2010-0540, CVE-2010-0542, CVE-2010-1748.  No longer need str3503,
  str3399, str3505, str3541, str3425p2 or CVE-2010-0302 patches.
* Thu Jun 10 2010 Tim Waugh <twaugh at redhat.com>
- Removed unapplied gnutls-gcrypt-threads patch.  Fixed typos in
  descriptions for lpd and php sub-packages.
* Wed Jun  9 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-11
- Use upstream method of handling SNMP quirks in PPDs (STR #3551,
  bug #581825).
* Tue Jun  1 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.3-10
- Added back still useful str3425.patch.
  Second part of STR #3425 is still not fixed in 1.4.3
* Tue May 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-9
- Adjust texttops output to be in natural orientation (STR #3563).
  This fixes page-label orientation when texttops is used in the
  filter chain (bug #572338).
* Thu May 13 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-8
- Fixed Ricoh Device ID OID (STR #3552).
* Tue May 11 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.3-7
- Add an SNMP query for Ricoh's device ID OID (STR #3552).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #591983 - CVE-2010-1748 cups: web interface memory disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=591983
  [ 2 ] Bug #605397 - cups: latent privilege escalation vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=605397
  [ 3 ] Bug #587746 - CVE-2010-0542 CUPS: texttops unchecked memory allocation failure leading to NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=587746
  [ 4 ] Bug #588805 - CVE-2010-0540 CUPS administrator web interface CSRF
        https://bugzilla.redhat.com/show_bug.cgi?id=588805
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

