Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in cups-filters
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in cups-filters
ID: FEDORA-2015-3003
Distribution: Fedora
Plattformen: Fedora 20
Datum: Sa, 14. März 2015, 00:16
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2265

Originalnachricht

Name        : cups-filters
Product : Fedora 20
Version : 1.0.53
Release : 6.fc20
URL : cups-filters
Summary : OpenPrinting CUPS filters and backends
Description :
Contains backends, filters, and other software that was
once part of the core CUPS distribution but is no longer maintained by
Apple Inc. In addition it contains additional filters developed
independently of Apple, especially filters for the PDF-centric printing
workflow introduced by OpenPrinting.

-------------------------------------------------------------------------------
-
Update Information:

This fixes a security flaw in cups-browsed.
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Mar 2 2015 Jiri Popelka <jpopelka@redhat.com> - 1.0.53-6
cups-browsed: Fixed a security bug in the remove_bad_chars() failing to
reliably filter out illegal characters. (upstream #1265)
* Fri Jun 13 2014 Tim Waugh <twaugh@redhat.com> - 1.0.53-5
- Really fix execmem issue (bug #1079534).
* Wed Jun 11 2014 Tim Waugh <twaugh@redhat.com> - 1.0.53-4
- Fix build issue (bug #1106101).
* Fri Jun 6 2014 Tim Waugh <twaugh@redhat.com> - 1.0.53-3
- Don't use grep's -P switch in pstopdf as it needs execmem (bug
#1079534).
* Fri May 9 2014 Jiri Popelka <jpopelka@redhat.com> - 1.0.53-2
- Return Tim's work-around patch for bug #768811.
* Mon Apr 28 2014 Jiri Popelka <jpopelka@redhat.com> - 1.0.53-1
- 1.0.53
* Wed Apr 2 2014 Jiri Popelka <jpopelka@redhat.com> - 1.0.41-6
- Remote command injection in cups-browsed (bug #1083327).
* Tue Mar 11 2014 Jiri Popelka <jpopelka@redhat.com> - 1.0.41-5
- Don't ship pdftoopvp (#1027557) and urftopdf (#1002947).
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1199130 - CVE-2015-2265 cups-filters: remote command execution in
remove_bad_chars() (incomplete fix for CVE-2014-2707)
https://bugzilla.redhat.com/show_bug.cgi?id=1199130
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update cups-filters' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung