Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 9: 2008-10917 Critical: CUPS DoS Security Update

fedora
Calendar Grey December 9, 2008
Dist Fedora Esm H88
Patch released for CUPS in Fedora 9 to mitigate Denial of Service vulnerabilities and enhance operational features, addressing CVE-2008-5183.
Security update to fix CVE-2008-5183

Summary

The Common UNIX Printing System provides a portable printing layer for

UNIX® operating systems. It has been developed by Easy Software Products

to promote a standard printing solution for all UNIX vendors and users.

CUPS provides the System V and Berkeley command-line interfaces.

Update Information:

Security update to fix CVE-2008-5183. Also fixed in this update are a bug that caused cups-polld to fail to resolve hostnames, a bug that could cause libcups to get stuck in a loop, and incorrect form-feed handling in the textonly filter.

Topics%20covered

Topics Covered

security advisory software update Fedora DoS critical fix CUPS system functionality

Change Log

* Wed Dec 3 2008 Tim Waugh 1:1.3.9-2 - Applied patch to fix STR #2974 (bug #473905, CVE-2008-5286, CVE-2008-1722). - Applied patch to fix RSS subscription limiting (bug #473901, CVE-2008-5183). - Fixed cups-polld again for res_init (STR #3023, bug #354071). - Added patch to avoid polling busy loop (STR #2988). - Fixed textonly filter to send FF correctly. * Fri Oct 10 2008 Tim Waugh 1:1.3.9-1 - 1.3.9, including fixes for CVE-2008-3639 / STR #2918, CVE-2008-3640 / STR #2919 and CVE-2008-3641 / STR #2911 (bug #466419). - No longer need str2892 or res_init patches. * Wed Sep 10 2008 Tim Waugh - Backported patch for FatalErrors configuration directive (bug #314941, STR #2536). * Wed Sep 3 2008 Tim Waugh - The dnssd backend uses avahi-browse so require it (bug #458565). - cups-polld: reinit the resolver if we haven't yet resolved the hostname (bug #354071). * Tue Aug 5 2008 Tim Waugh 1:1.3.8-2 - Mark template files config(noreplace) for site-local modifications (bug #441719). * Sun Aug 3 2008 Tim Waugh 1:1.3.8-1 - 1.3.8. - Applied patch to fix STR #2892 (bug #453610). - Removed autoconf requirement by applying autoconf-generated changes to patches that caused them. Affected patches: cups-lspp. - CVE-2008-1373 patch is no longer needed (applied upstream). - Mark HTML files and templates config(noreplace) for site-local modifications (bug #441719). - The cups-devel package requires zlib-devel (bug #455192). * Tue Jul 1 2008 Tim Waugh 1:1.3.7-8 - Fixed bug #447200 again. * Tue Jun 17 2008 Tim Waugh - Don't overwrite the upstream snmp.conf file. * Tue Jun 17 2008 Tim Waugh 1:1.3.7-7 - Backported cupsGetNamedDest from 1.4 (bug #428086). - Fixed bug #447200 again. * Tue Jun 3 2008 Tim Waugh 1:1.3.7-6 - Applied patch to fix STR #2750 (IPP authentication). * Fri May 30 2008 Tim Waugh 1:1.3.7-5 - Better fix for cupsdTimeoutJob LSPP configuration suggested by Matt Anderson (bug #447200). * Thu May 29 2008 Tim Waugh 1:1.3.7-4 - Fix last fix (bug #447200). * Wed May 28 2008 Tim Waugh 1:1.3.7-3 - If cupsdTimeoutJob is called when the originating connection is still known, pass that to the function so that copy_banner can get at it if necessary (bug #447200). * Fri May 9 2008 Tim Waugh 1:1.3.7-2 - Applied patch to fix CVE-2008-1722 (integer overflow in image filter, bug #441692, STR #2790). * Thu Apr 3 2008 Tim Waugh - Main package requires exactly-matching libs package.

References


[ 1 ] Bug #473901 - CVE-2008-5183 cups: DoS (daemon crash) by adding a large number of RSS subscriptions https://bugzilla.redhat.com/show_bug.cgi?id=473901

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update cups' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cups
Product: Fedora 9
Version: 1.3.9
Release: 2.fc9
URL: http://www.cups.org/
Summary: Common Unix Printing System

Topics%20covered

Topics Covered

security advisory software update Fedora DoS critical fix CUPS system functionality

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here