UbuntuUpdates.org

Package "cups"

Name: cups

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Common UNIX Printing System (transitional package)

Latest version: 1.5.3-0ubuntu8.7
Release: precise (12.04)
Level: security
Repository: universe

Links



Other versions of "cups" in Precise

Repository Area Version
base main 1.5.2-9ubuntu1
base universe 1.5.2-9ubuntu1
security main 1.5.3-0ubuntu8.7
updates universe 1.5.3-0ubuntu8.7
updates main 1.5.3-0ubuntu8.7

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.5.3-0ubuntu8.7 2015-06-10 14:06:57 UTC

  cups (1.5.3-0ubuntu8.7) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation through dynamic linker and
    isolated vulnerabilities
    - debian/patches/str4609.patch: apply patch from upstream to
      cgi-bin/ipp-var.c, cgi-bin/template.c, scheduler/ipp.c,
      scheduler/job.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2015 08:08:32 -0400

Source diff to previous version

Version: 1.5.3-0ubuntu8.6 2015-02-26 17:06:48 UTC

  cups (1.5.3-0ubuntu8.6) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in cupsRasterReadPixels
    - debian/patches/CVE-2014-9679.patch: validate cupsBytesPerLine and
      clear returned buffer in filter/raster.c.
    - CVE-2014-9679
 -- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 13:42:18 -0500

Source diff to previous version
CVE-2014-9679 Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via

Version: 1.5.3-0ubuntu8.5 2014-09-08 15:06:31 UTC

  cups (1.5.3-0ubuntu8.5) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via symlinks and world-readable
    permissions
    - debian/patches/CVE-2014-50xx.patch: add some more symlink and
      permission checks to scheduler/client.c.
    - CVE-2014-5029
    - CVE-2014-5030
    - CVE-2014-5031
  * debian/patches/cups-restore-access-to-logfiles.patch: fix regressions
    caused by recent security updates by allowing access to cupsd.conf and
    the log files. (LP: #1349387)
 -- Marc Deslauriers <email address hidden> Fri, 05 Sep 2014 15:17:47 -0400

Source diff to previous version
1349387 server settings are inaccessible
CVE-2014-5029 The web interface in CUPS 1.7.4 allows local users in the lp group to ...
CVE-2014-5030 CUPS before 2.0 allows local users to read arbitrary files via a ...
CVE-2014-5031 The web interface in CUPS before 2.0 does not check that files have ...

Version: 1.5.3-0ubuntu8.4 2014-07-21 17:06:50 UTC

  cups (1.5.3-0ubuntu8.4) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via rss dir symlink
    - debian/patches/CVE-2014-3537.patch: check for symlinks and proper
      permissions in scheduler/client.c.
    - CVE-2014-3537
 -- Marc Deslauriers <email address hidden> Fri, 18 Jul 2014 16:26:23 -0400

Source diff to previous version
CVE-2014-3537 Insufficient checking leads to privilege escalation

Version: 1.5.3-0ubuntu8.2 2014-04-24 16:06:54 UTC

  cups (1.5.3-0ubuntu8.2) precise-security; urgency=medium

  * SECURITY UPDATE: cross-site scripting issue in web interface
    - debian/patches/CVE-2014-2856.patch: filter bad characters from the
      URL in scheduler/client.c.
    - CVE-2014-2856
  * This package does _not_ contain the changes from 1.5.3-0ubuntu8.1 in
    precise-proposed.
 -- Marc Deslauriers <email address hidden> Fri, 18 Apr 2014 11:57:36 -0400

CVE-2014-2856 Cross-site scripting (XSS) vulnerability in scheduler/client.c in ...



About   -   Send Feedback to @ubuntu_updates