
Security: Two problems in cups
Name: Two problems in cups
ID: FEDORA-2014-9703
Distribution: Fedora
Platforms: Fedora 19
Date: Fri, 3 October 2014, 19:23
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029
Applications: Common UNIX Printing System

Original message

Name        : cups
Product     : Fedora 19
Version     : 1.6.4
Release     : 10.fc19
URL         : http://www.cups.org/
Summary     : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

Upstream patches have been applied to stop long-running Get-Jobs operations
from blocking other requests, and to fix the order of completed jobs in
Get-Jobs responses.
This update fixes a security flaw potentially leading to a disclosure of
information.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 26 2014 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-10
- Use upstream patch for STR #4461.
* Thu Aug 21 2014 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-9
- Upstream patch for STR #4396, pre-requisite for STR #2913 patch.
- Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs
(bug #421671).
* Mon Aug 11 2014 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-8
- Fix conf/log file reading for authenticated users (STR #4461).
* Wed Jul 23 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.4-7
- CVE-2014-5029, CVE-2014-5030, CVE-2014-5031 (#1122601)
* Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.4-6
- CVE-2014-3537 (#1119303)
* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.4-5
- Scheduler now blocks URLs containing embedded HTML (bug #1087123, STR #4356).
* Tue Mar 11 2014 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-4
- Track local default in cupsEnumDests() (STR #4332).
- Prevent feedback loop when fetching error_log over HTTP (STR #4366).
- Fix for cupsEnumDest() 'removed' callbacks (bug #1054312, STR #4380).
- Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
- Use '-f' when using rm in %setup section.
- Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-3
- Avoid stale lockfile in dbus notifier (bug #1026949).
* Fri Sep 27 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-2
- Reverted upstream change to FINAL_CONTENT_TYPE in order to fix
printing to remote CUPS servers (bug #1010580).
* Wed Sep 25 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.4-1
- 1.6.4.
* Wed Aug 21 2013 Jaromír Končický <jkoncick@redhat.com> - 1:1.6.3-8
- Add SyncOnClose option (bug #984883).
* Fri Aug 16 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-7
- Increase web interface get-devices timeout to 10s (bug #996664).
* Thu Aug 15 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-6
- Build with full read-only relocations (bug #996740).
* Tue Aug 6 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-5
- Fixes for jobs with multiple files and multiple formats.
* Wed Jul 24 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-4
- Fixed cups-config, broken by last change (bug #987660).
* Mon Jul 22 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-3
- Removed stale comment in spec file.
- Link against OpenSSL instead of GnuTLS.
* Thu Jul 18 2013 Tim Waugh <twaugh@redhat.com> - 1:1.6.3-2
- Fixed download URL to point to the actual source, not a download
page.
* Fri Jul 12 2013 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.3-1
- 1.6.3
* Thu Jul 11 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-18
- Avoid sign-extending CRCs for gz decompression (bug #983486).
* Wed Jul 10 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-17
- Fixed download URL.
* Wed Jul 10 2013 Jiri Popelka <jpopelka@redhat.com> - 1:1.6.2-16
- Remove pstops cost factor tweak from conf/mime.convs.in
* Mon Jul 1 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-15
- Don't use D-Bus from two threads (bug #979748).
* Fri Jun 28 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-14
- Fix for DNSSD name resolution.
* Wed Jun 26 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-13
- Don't link against libgcrypt needlessly.
* Wed Jun 26 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-12
- Default to IPP/1.1 for now (bug #977813).
* Tue Jun 25 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-11
- Added usblp quirk for Canon PIXMA MP540 (bug #967873).
* Tue Jun 18 2013 Tim Waugh <twaugh@redhat.com> 1:1.6.2-10
- Added IEEE 1284 Device ID for a Dymo device (bug #747866).
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1115576 - CVE-2014-3537 cups: insufficient checking leads to
privilege escalation
https://bugzilla.redhat.com/show_bug.cgi?id=1115576
[ 2 ] Bug #1122600 - CVE-2014-5029 cups: Incomplete fix for CVE-2014-3537
https://bugzilla.redhat.com/show_bug.cgi?id=1122600
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce