LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 8 Update: cups-1.3.9-2.fc8 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora Security update to fix CVE-2008-5183. Also included is a fix for incorrect form-feed handling in the textonly filter.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-10911
None
--------------------------------------------------------------------------------

Name        : cups
Product     : Fedora 8
Version     : 1.3.9
Release     : 2.fc8
URL         : http://www.cups.org/
Summary     : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.

--------------------------------------------------------------------------------
Update Information:

Security update to fix CVE-2008-5183.  Also included is a fix for incorrect
form-feed handling in the textonly filter.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  3 2008 Tim Waugh  1:1.3.9-2
- Applied patch to fix STR #2974 (bug #473905, CVE-2008-5286,
  CVE-2008-1722).
- Applied patch to fix RSS subscription limiting (bug #473901,
  CVE-2008-5183).
- Fixed textonly filter to send FF correctly.
* Fri Oct 10 2008 Tim Waugh  1:1.3.9-1
- 1.3.9, including fixes for CVE-2008-3639 / STR #2918,
  CVE-2008-3640 / STR #2919 and CVE-2008-3641 / STR #2911
  (bug #466419).
- No longer need str2750, CVE-2008-1722 or CVE-2008-1373 patches.
* Tue Jul  1 2008 Tim Waugh  1:1.3.7-4
- Fixed bug #447200 again.
* Tue Jun 17 2008 Tim Waugh  1:1.3.7-3
- Backported cupsGetNamedDest from 1.4 (bug #428086).
- Fixed bug #447200 again.
* Tue Jun  3 2008 Tim Waugh 
- Applied patch to fix STR #2750 (IPP authentication).
* Fri May 30 2008 Tim Waugh 
- For LSPP, pass the job's scon to copy_banner in cupsdTimeoutJob, and
  check that it is not NULL in copy_banner (bug #447200).
* Fri May  9 2008 Tim Waugh  1:1.3.7-2
- Applied patch to fix CVE-2008-1722 (integer overflow in image filter,
  bug #441692, STR #2790).
* Fri May  2 2008 Tim Waugh 
- Include the hostname in the charset error (part of bug #441719).
* Thu Apr 10 2008 Tim Waugh 
- Log an error when a client requests a charset other than ASCII or UTF-8.
* Thu Apr  3 2008 Tim Waugh 
- Main package requires exactly-matching libs package.
* Wed Apr  2 2008 Tim Waugh  1:1.3.7-1
- 1.3.7.  No longer need str2715, str2727, or CVE-2008-0047 patches.
* Tue Apr  1 2008 Tim Waugh  1:1.3.6-4
- Applied patch to fix CVE-2008-1373 (GIF overflow, bug #438303).
- Applied patch to prevent heap-based buffer overflow in CUPS helper
  program (bug #436153, CVE-2008-0047, STR #2729).
* Thu Feb 28 2008 Tim Waugh  1.3.6-3
- Apply upstream fix for Adobe JPEG files (bug #166460, STR #2727).
* Sat Feb 23 2008 Tim Waugh  1.3.6-2
- Fix encoding of job-sheets option (bug #433753, STR #2715).
* Wed Feb 20 2008 Tim Waugh  1.3.6-1
- 1.3.6.  No longer need str2650, str2664, or str2703 patches.
* Tue Feb 12 2008 Tim Waugh  1.3.5-3
- Fixed admin.cgi handling of DefaultAuthType (bug #432478, STR #2703).
* Mon Jan 21 2008 Tim Waugh  1.3.5-2
- Rebuilt.
* Thu Jan 10 2008 Tim Waugh 
- Apply patch to fix busy looping in the backends (bug #426653, STR #2664).
* Wed Jan  9 2008 Tim Waugh 
- Apply patch to prevent overlong PPD lines from causing failures except
  in strict mode (bug #405061).  Needed for compatibility with older
  versions of foomatic (e.g. Red Hat Enterprise Linux 3/4).
- Applied upstream patch to fix cupsctl --remote-any (bug #421411, STR #2650).
* Thu Jan  3 2008 Tim Waugh  1.3.5-1
- 1.3.5.  No longer need str2600, CVE-2007-4352,5392,5393 patches.
- Efficiency fix for pstoraster (bug #416871).
* Fri Nov 30 2007 Tim Waugh 
- CVE-2007-4045 patch is not necessarily because cupsd_client_t objects are
  not moved in array operations, only pointers to them.
* Tue Nov 27 2007 Tim Waugh 
- Updated to improved dnssd backend from Till Kamppeter.
- Don't undo the util.c parts of STR #2537.
* Tue Nov 20 2007 Tim Waugh  1:1.3.4-4
- Added fix for STR #2600 in which cupsd can crash from a NULL dereference
  with LogLevel debug2 (bug #385631).
* Mon Nov 12 2007 Tim Waugh  1:1.3.4-3
- Fixed CVE-2007-4045 patch; has no effect with shipped packages since they
  are linked with gnutls.
- Temporarily undo STR #2537 change so that non-UTF-8 requests are not
  rejected (bug #378211).
- LSPP cupsdSetString/ClearString fixes (bug #378451).
* Wed Nov  7 2007 Tim Waugh  1:1.3.4-2
- Applied patch to fix CVE-2007-4045 (bug #250161).
- Applied patch to fix CVE-2007-4352, CVE-2007-5392 and
  CVE-2007-5393 (bug #345101).
* Thu Nov  1 2007 Tim Waugh  1:1.3.4-1
- 1.3.4 (bug #362971).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #473901 - CVE-2008-5183 cups: DoS (daemon crash) by adding a large number of RSS subscriptions
        https://bugzilla.redhat.com/show_bug.cgi?id=473901
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.