You are here
Home > Preporuke > Ranjivost programskog paketa cups

Ranjivost programskog paketa cups

——————————————————————————–
Fedora Update Notification
FEDORA-2015-2152
2015-02-17 04:44:49
——————————————————————————–

Name : cups
Product : Fedora 20
Version : 1.7.5
Release : 12.fc20
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

——————————————————————————–
Update Information:

This update fixes CVE-2014-9679, a buffer overflow when handling CUPS Raster format.
——————————————————————————–
ChangeLog:

* Mon Feb 16 2015 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-12
– Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
buffer overflow (STR #4551, bug #1191591).
* Wed Oct 22 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-11
– Upstream fix for cupsd crash on restart when colord not available
– (STR #4496).
* Sat Oct 18 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-9
– Fix for last fix (bug #1153660, bug #1154284).
* Thu Oct 16 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-8
– Start cups.service after network.target (bug #1153660).
* Wed Oct 15 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-7
– Fix cupsGetPPD3() so it doesn’t give the caller an unreadable file
(bug #1150917, STR #4500).
– Can no longer reproduce bug #1010580 so removing final-content-type
patch as it causes issues for some backends (bug #1149244).
* Mon Sep 1 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-6
– Fix icon display in web interface during server restart (STR #4475).
* Mon Sep 1 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-5
– More STR #4461 fixes from upstream.
* Tue Aug 26 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-4
– Use upstream patch for STR #4461.
* Wed Aug 20 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-3
– Upstream patch for STR #4396, pre-requisite for STR #2913 patch.
– Upstream patch for STR #2913 to limit Get-Jobs replies to 500 jobs
(bug #421671).
* Mon Aug 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-2
– Fix conf/log file reading for authenticated users (STR #4461).
* Fri Aug 1 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.5-1
– 1.7.5
* Wed Jul 23 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.4-3
– CVE-2014-5029, CVE-2014-5030, CVE-2014-5031 (#1122601)
* Wed Jul 23 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.4-2
– Fix CGI handling (STR #4454).
* Mon Jul 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.4-1
– 1.7.4: CVE-2014-3537
* Wed May 28 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.3-1
– 1.7.3
– str4386.patch merged upstream in STR #4403
* Fri May 9 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.2-2
– Another attempt at avoiding race condition when sending IPP requests
(STR #4386, bug #1072952).
* Mon Apr 14 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.2-1
– 1.7.2
* Thu Apr 3 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-9
– libcups: avoid race condition when sending IPP requests (STR #4386,
bug #1072952).
* Tue Mar 18 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-8
– Removed patch for STR #4386 as it does not work and causes problems
instead (bug #1077239).
* Mon Mar 10 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-7
– BuildRequires: pkgconfig(foo) instead of foo-devel
* Thu Mar 6 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-6
– Track local default in cupsEnumDests() (STR #4332).
– libcups: avoid race condition when sending IPP requests (STR #4386).
– Prevent feedback loop when fetching error_log over HTTP (STR #4366).
* Wed Mar 5 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-5
– Fix for cupsEnumDest() ‘removed’ callbacks (bug #1054312, STR #4380).
* Mon Feb 17 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-4
– Document ‘journal’ logging target.
* Tue Feb 11 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.1-3
– Prevent dnssd backend exiting too early (bug #1026940, STR #4365).
* Mon Feb 3 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-2
– move macros.cups from /etc/rpm/ to /usr/lib/rpm/macros.d
* Wed Jan 8 2014 Jiri Popelka <jpopelka@redhat.com> – 1:1.7.1-1
– 1.7.1
* Wed Jan 8 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-11
– Apply upstream patch to improve cupsUser() (STR #4327).
* Tue Jan 7 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-10
– Removed cups-dbus-utf8.patch as no longer needed (see STR #4314).
– Return jobs in rank order when handling IPP-Get-Jobs (STR #4326).
* Thu Jan 2 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-9
– dbus notifier: call _exit when handling SIGTERM (STR #4314).
– Use ‘-f’ when using rm in %setup section.
– Fixed avahi-no-threaded patch so it removes a call to
avahi_threaded_poll_stop() (bug #1044602).
* Fri Dec 13 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-8
– Use string literal for format string in sd_journal_print call.
* Thu Nov 28 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-7
– Prevent USB timeouts causing incorrect print output (bug #1026914).
* Thu Nov 14 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-6
– Avoid stale lockfile in dbus notifier (bug #1026949).
* Thu Nov 7 2013 Tim Waugh <twaugh@redhat.com> – 1:1.7.0-5
– Use upstream patch for stringpool corruption issue (bug #974048).
——————————————————————————–
References:

[ 1 ] Bug #1191588 – CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1191588
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update cups’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 

 

 

 

——————————————————————————–
Fedora Update Notification
FEDORA-2015-2127
2015-02-17 04:43:42
——————————————————————————–

Name : cups
Product : Fedora 21
Version : 1.7.5
Release : 15.fc21
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX® operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

——————————————————————————–
Update Information:

This update fixes CVE-2014-9679, a buffer overflow when handling CUPS Raster format.
——————————————————————————–
ChangeLog:

* Mon Feb 16 2015 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-15
– Apply upstream patch to fix CVE-2014-9679, cupsRasterReadPixels
buffer overflow (STR #4551, bug #1191591).
* Thu Nov 6 2014 Tim Waugh <twaugh@redhat.com> – 1:1.7.5-14
– Fixed some warnings in cups-lspp.patch.
– New systemd journal fields CUPS_DEST and CUPS_PRINTER, as well as
accurate code location fields.
——————————————————————————–
References:

[ 1 ] Bug #1191588 – CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1191588
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update cups’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

 

Top
More in Preporuke
Višestruke ranjivosti programskog paketa freetype

Otkrivene su višestruke ranjivosti programskog paketa freetype za Fedoru. Ranjivosti su posljedica cjelobrojnog prepisivanja, prekoračenja spremnika stoga, prekoračenja spremnika gomile,...

Close