-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-10388 2010-06-25 17:05:18 --------------------------------------------------------------------------------
Name : cups Product : Fedora 13 Version : 1.4.4 Release : 5.fc13 URL : http://www.cups.org/ Summary : Common Unix Printing System Description : The Common UNIX Printing System provides a portable printing layer for UNIX® operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. -------------------------------------------------------------------------------- Update Information: New upstream release fixing several security issues: CVE-2010-0540, CVE-2010-0542, CVE-2010-1748. -------------------------------------------------------------------------------- ChangeLog: * Mon Jun 28 2010 Tim Waugh <[email protected]> 1:1.4.4-5 - Avoid empty notify-subscribed-event attributes (bug #606909, STR #3608). * Thu Jun 24 2010 Tim Waugh <[email protected]> 1:1.4.4-4 - Use gnutls again but disable threading (bug #607159). * Tue Jun 22 2010 Tim Waugh <[email protected]> 1:1.4.4-3 - Rebuilt to keep correct package n-v-r ordering between releases. * Fri Jun 18 2010 Tim Waugh <[email protected]> 1:1.4.4-2 - Re-enabled SSL support by using OpenSSL instead of gnutls. * Fri Jun 18 2010 Tim Waugh <[email protected]> 1:1.4.4-1 - 1.4.4. Fixes several security vulnerabilities (bug #605399): CVE-2010-0540, CVE-2010-0542, CVE-2010-1748. No longer need str3503, str3399, str3505, str3541, str3425p2 or CVE-2010-0302 patches. * Thu Jun 10 2010 Tim Waugh <[email protected]> - Removed unapplied gnutls-gcrypt-threads patch. Fixed typos in descriptions for lpd and php sub-packages. * Wed Jun 9 2010 Tim Waugh <[email protected]> 1:1.4.3-11 - Use upstream method of handling SNMP quirks in PPDs (STR #3551, bug #581825). * Tue Jun 1 2010 Jiri Popelka <[email protected]> 1:1.4.3-10 - Added back still useful str3425.patch. Second part of STR #3425 is still not fixed in 1.4.3 * Tue May 18 2010 Tim Waugh <[email protected]> 1:1.4.3-9 - Adjust texttops output to be in natural orientation (STR #3563). This fixes page-label orientation when texttops is used in the filter chain (bug #572338). * Thu May 13 2010 Tim Waugh <[email protected]> 1:1.4.3-8 - Fixed Ricoh Device ID OID (STR #3552). * Tue May 11 2010 Tim Waugh <[email protected]> 1:1.4.3-7 - Add an SNMP query for Ricoh's device ID OID (STR #3552). -------------------------------------------------------------------------------- References: [ 1 ] Bug #591983 - CVE-2010-1748 cups: web interface memory disclosure https://bugzilla.redhat.com/show_bug.cgi?id=591983 [ 2 ] Bug #605397 - cups: latent privilege escalation vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=605397 [ 3 ] Bug #587746 - CVE-2010-0542 CUPS: texttops unchecked memory allocation failure leading to NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=587746 [ 4 ] Bug #588805 - CVE-2010-0540 CUPS administrator web interface CSRF https://bugzilla.redhat.com/show_bug.cgi?id=588805 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update cups' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
