Fedora 10: cups Security Update

    Date04 Dec 2009
    CategoryFedora
    60
    Posted ByLinuxSecurity Advisories
    This update include a fix for improper reference counting in abstract file descriptors handling interface (CVE-2009-3553), and for a memory leak in the LSPP support.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-12652
    2009-12-04 22:41:17
    --------------------------------------------------------------------------------
    
    Name        : cups
    Product     : Fedora 10
    Version     : 1.3.11
    Release     : 4.fc10
    URL         : http://www.cups.org/
    Summary     : Common Unix Printing System
    Description :
    The Common UNIX Printing System provides a portable printing layer for
    UNIX® operating systems. It has been developed by Easy Software Products
    to promote a standard printing solution for all UNIX vendors and users.
    CUPS provides the System V and Berkeley command-line interfaces.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    This update include a fix for improper reference counting in abstract file
    descriptors handling interface (CVE-2009-3553), and for a memory leak in the
    LSPP support.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Thu Dec  3 2009 Tim Waugh  - 1:1.3.11-4
    - Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).
    * Wed Nov 11 2009 Jiri Popelka  1:1.3.11-3
    - Fixed lspp-patch to avoid memory leak (bug #536741).
    * Tue Nov 10 2009 Tim Waugh  1:1.3.11-2
    - Added fix for CVE-2009-2820 (bug #529833).
    * Tue Nov  3 2009 Tim Waugh  1:1.3.11-1
    - 1.3.11.
    * Tue Nov  3 2009 Tim Waugh  1:1.3.10-7
    - Removed stale patch from STR #2831 which was causing problems with
      number-up (bug #532516).
    * Tue Oct 20 2009 Jiri Popelka  1:1.3.10-6
    - Fix cups-lpd to create unique temporary data files (bug #529838, STR #3382).
    * Wed May  6 2009 Tim Waugh  1:1.3.10-5
    - Restart cupsd if "ServerAlias *" is added to cupsd.conf
      (bug #497354).
    - Ship "ServerAlias *" in cupsd.conf.default configuration file as
      well (bug #498884).
    * Mon Apr 27 2009 Tim Waugh  1:1.3.10-4
    - Adjust cupsd.conf by adding "ServerAlias *" automatically on upgrade
      (part of bug #497301).  The default cupsd.conf now includes this
      line as well.
    * Sun Apr 26 2009 Tim Waugh  1:1.3.10-2
    - Accept "Host: ::1" (bug #497393).
    - Accept Host: fields set to the ServerName value (bug #497301).
    - Temporarily relax requirement to have printer-uri attribute in
      IPP-Get-Jobs request (bug #497519).
    * Tue Apr 21 2009 Tim Waugh  1:1.3.10-1
    - 1.3.10.  No longer need ext, includeifexists, str2988,
      CVE-2008-5183, CVE-2008-5286, str3077, str3078, str3059, str3055 patches.
    - Requires poppler-utils.
    - NOTE: If your CUPS server is accessed using a hostname or hostnames
      not known to the server itself you must add "ServerAlias hostname"
      for each such name.  The special line "ServerAlias *" disables checking
      (but this allows DNS rebinding attacks).
    * Mon Mar  9 2009 Tim Waugh  1:1.3.9-9
    - Fixed getnameddest patch (bug #481481, STR #3082).
    - Handle https:// device URIs (bug #478677, STR #3122).
    * Wed Jan 28 2009 Tim Waugh  1:1.3.9-8
    - Always supply document-name when printing a file (STR #3055).
    - Load MIME type rules correctly (bug #426089, STR #3059).
    * Wed Jan 28 2009 Tim Waugh  1:1.3.9-7
    - Fixed quotas (STR #3077, STR #3078).
    * Tue Dec  9 2008 Tim Waugh  1:1.3.9-6
    - Attempt to unbreak the fix for STR #2831 (bug #474742).
    * Mon Dec  8 2008 Tim Waugh  1:1.3.9-5
    - Removed dnssd backend as it was causing problems (bug #475230).
    * Wed Dec  3 2008 Tim Waugh  1:1.3.9-4
    - Applied patch to fix STR #2974 (bug #473905, CVE-2008-5286,
      CVE-2008-1722).
    - Applied patch to fix RSS subscription limiting (bug #473901,
      CVE-2008-5183).
    - Fixed cups-polld again for res_init (STR #3023, bug #354071).
    - Added patch to avoid polling busy loop (STR #2988).
    * Thu Oct 30 2008 Tim Waugh  1:1.3.9-3
    - Fixed LSPP labels (bug #468442).
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #530111 - CVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
            https://bugzilla.redhat.com/show_bug.cgi?id=530111
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update cups' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    http://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.redhat.com/mailman/listinfo/fedora-package-announce
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"67","type":"x","order":"1","pct":57.26,"resources":[]},{"id":"88","title":"Should be more technical","votes":"16","type":"x","order":"2","pct":13.68,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.