Security: Two problems in cups
Name: Two problems in cups
ID: FEDORA-2014-9703
Distribution: Fedora
Platforms: Fedora 19
Date: Fri, October 3, 2014, 19:23
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029
Applications: Common UNIX Printing System

Original message
Name        : cups
Product     : Fedora 19
Version     : 1.6.4
Release     : 10.fc19
URL         : http://www.cups.org/
Summary     : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for UNIX® operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

Upstream patches have been applied to prevent long-running Get-Jobs operations preventing other requests from being handled, and to fix the order of completed jobs in Get-Jobs responses.

This update fixes a security flaw potentially leading to a disclosure of information.

--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 26 2014 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-10
- Use upstream patch for STR #4461.
* Thu Aug 21 2014 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-9
- Upstream patch for STR #4396, pre-requisite for STR #2913 patch.
- Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs (bug #421671).
* Mon Aug 11 2014 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-8
- Fix conf/log file reading for authenticated users (STR #4461).
* Wed Jul 23 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.4-7
- CVE-2014-5029, CVE-2014-5030, CVE-2014-5031 (#1122601)
* Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.4-6
- CVE-2014-3537 (#1119303)
* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.4-5
- Scheduler now blocks URLs containing embedded HTML (bug #1087123, STR #4356).
* Tue Mar 11 2014 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-4
- Track local default in cupsEnumDests() (STR #4332).
- Prevent feedback loop when fetching error_log over HTTP (STR #4366).
- Fix for cupsEnumDest() 'removed' callbacks (bug #1054312, STR #4380).
- Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
- Use '-f' when using rm in %setup section.
- Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-3
- Avoid stale lockfile in dbus notifier (bug #1026949).
* Fri Sep 27 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-2
- Reverted upstream change to FINAL_CONTENT_TYPE in order to fix printing to remote CUPS servers (bug #1010580).
* Wed Sep 25 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-1
- 1.6.4.
* Wed Aug 21 2013 Jaromír Končický <jkoncick@redhat.com> - 1:1.6.3-8
- Add SyncOnClose option (bug #984883).
* Fri Aug 16 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-7
- Increase web interface get-devices timeout to 10s (bug #996664).
* Thu Aug 15 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-6
- Build with full read-only relocations (bug #996740).
* Tue Aug 6 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-5
- Fixes for jobs with multiple files and multiple formats.
* Wed Jul 24 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-4
- Fixed cups-config, broken by last change (bug #987660).
* Mon Jul 22 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-3
- Removed stale comment in spec file.
- Link against OpenSSL instead of GnuTLS.
* Thu Jul 18 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-2
- Fixed download URL to point to the actual source, not a download page.
* Fri Jul 12 2013 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.3-1
- 1.6.3
* Thu Jul 11 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-18
- Avoid sign-extending CRCs for gz decompression (bug #983486).
* Wed Jul 10 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-17
- Fixed download URL.
* Wed Jul 10 2013 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.2-16
- Remove pstops cost factor tweak from conf/mime.convs.in
* Mon Jul 1 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-15
- Don't use D-Bus from two threads (bug #979748).
* Fri Jun 28 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-14
- Fix for DNSSD name resolution.
* Wed Jun 26 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-13
- Don't link against libgcrypt needlessly.
* Wed Jun 26 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-12
- Default to IPP/1.1 for now (bug #977813).
* Tue Jun 25 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-11
- Added usblp quirk for Canon PIXMA MP540 (bug #967873).
* Tue Jun 18 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-10
- Added IEEE 1284 Device ID for a Dymo device (bug #747866).

--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1115576 - CVE-2014-3537 cups: insufficient checking leads to privilege escalation
      https://bugzilla.redhat.com/show_bug.cgi?id=1115576
[ 2 ] Bug #1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537
      https://bugzilla.redhat.com/show_bug.cgi?id=1122600

--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use su -c 'yum update cups' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys

--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce