--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-11314
2009-11-11 14:14:44
--------------------------------------------------------------------------------
Name : cups
Product : Fedora 12
Version : 1.4.2
Release : 7.fc12
URL : http://www.cups.org/
Summary : Common Unix Printing System
Description :
The Common UNIX Printing System provides a portable printing layer for
UNIX® operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
--------------------------------------------------------------------------------
Update Information:
New release, including fix for XSS vulnerability in web interface
(CVE-2009-2820) and for improper reference counting in abstract file descriptorshandling interface (CVE-2009-3553).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 19 2009 Tim Waugh 1:1.4.2-7
- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200).
* Tue Nov 17 2009 Tim Waugh 1:1.4.2-6
- Fixed display of current driver (bug #537182, STR #3418).
- Fixed out-of-memory handling when loading jobs (bug #538054,
STR #3407).
* Mon Nov 16 2009 Tim Waugh 1:1.4.2-5
- Fixed typo in admin web template (bug #537884, STR #3403).
- Reset SIGPIPE handler for child processes (bug #537886, STR #3399).
* Mon Nov 16 2009 Tim Waugh 1:1.4.2-4
- Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381).
* Wed Nov 11 2009 Jiri Popelka 1:1.4.2-3
- Fixed lspp-patch to avoid memory leak (bug #536741).
* Tue Nov 10 2009 Tim Waugh 1:1.4.2-2
- Added explicit version dependency on cups-libs to cups-lpd
(bug #502205).
* Tue Nov 10 2009 Tim Waugh 1:1.4.2-1
- 1.4.2. No longer need str3380, str3332, str3356, str3396 patches.
- Removed postscript.ppd.gz (bug #533371).
- Renumbered patches and sources.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #529833 - CVE-2009-2820 cups: Several XSS flaws in forms processed by CUPS web interface
https://bugzilla.redhat.com/show_bug.cgi?id=529833
[ 2 ] Bug #530111 - CVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
https://bugzilla.redhat.com/show_bug.cgi?id=530111
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cups' at the command line.
For more information, refer to "Managing Software with yum",
available at .
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce