
Security: Cross-Site Scripting in cups
Name: Cross-Site Scripting in cups
ID: FEDORA-2014-5079
Distribution: Fedora
Platforms: Fedora 20
Date: Thu, 1 May 2014, 19:11
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856
Applications: Common UNIX Printing System

Original message

Name        : cups
Product     : Fedora 20
Version     : 1.7.2
Release     : 1.fc20
URL         : http://www.cups.org/
Summary     : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

Upstream bug-fix release, which among other things fixes a possible cross-site
scripting issue in the CUPS web interface.

* https://cups.org/blog.php?L717
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.7.2-1
- 1.7.2
* Thu Apr 3 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.1-9
- libcups: avoid race condition when sending IPP requests (STR #4386,
bug #1072952).
* Tue Mar 18 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.1-8
- Removed patch for STR #4386 as it does not work and causes problems
instead (bug #1077239).
* Mon Mar 10 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.7.1-7
- BuildRequires: pkgconfig(foo) instead of foo-devel
* Thu Mar 6 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.1-6
- Track local default in cupsEnumDests() (STR #4332).
- libcups: avoid race condition when sending IPP requests (STR #4386).
- Prevent feedback loop when fetching error_log over HTTP (STR #4366).
* Wed Mar 5 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.1-5
- Fix for cupsEnumDest() 'removed' callbacks (bug #1054312, STR #4380).
* Mon Feb 17 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.1-4
- Document 'journal' logging target.
* Tue Feb 11 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.1-3
- Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
* Mon Feb 3 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.7.1-2
- move macros.cups from /etc/rpm/ to /usr/lib/rpm/macros.d
* Wed Jan 8 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.7.1-1
- 1.7.1
* Wed Jan 8 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-11
- Apply upstream patch to improve cupsUser() (STR #4327).
* Tue Jan 7 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-10
- Removed cups-dbus-utf8.patch as no longer needed (see STR #4314).
- Return jobs in rank order when handling IPP-Get-Jobs (STR #4326).
* Thu Jan 2 2014 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-9
- dbus notifier: call _exit when handling SIGTERM (STR #4314).
- Use '-f' when using rm in %setup section.
- Fixed avahi-no-threaded patch so it removes a call to
avahi_threaded_poll_stop() (bug #1044602).
* Fri Dec 13 2013 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-8
- Use string literal for format string in sd_journal_print call.
* Thu Nov 28 2013 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-7
- Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-6
- Avoid stale lockfile in dbus notifier (bug #1026949).
* Thu Nov 7 2013 Tim Waugh <twaugh@redhat.com> - 1:1.7.0-5
- Use upstream patch for stringpool corruption issue (bug #974048).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1087122 - CVE-2014-2856 cups: cross-site scripting flaw fixed in
the 1.7.2 release
https://bugzilla.redhat.com/show_bug.cgi?id=1087122
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce