UbuntuUpdates.org

Package "cups-filters"

Name: cups-filters

Description:

OpenPrinting CUPS Filters - Main Package

Latest version: 1.27.4-1ubuntu0.4
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://wiki.linuxfoundation.org/openprinting/

Links


Download "cups-filters"


Other versions of "cups-filters" in Focal

Repository Area Version
base main 1.27.4-1
updates main 1.27.4-1ubuntu0.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.27.4-1ubuntu0.4 2024-10-09 14:07:10 UTC

  cups-filters (1.27.4-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: more complete fix for CVE-2024-47176
    - debian/patches/CVE-2024-47176-2.patch: completely remove support for
      legacy CUPS protocol and LDAP.
    - CVE-2024-47176
  * debian/patches/sec-202409-1.patch: renamed to CVE-2024-47076.patch.
  * debian/patches/sec-202409-2.patch: renamed to CVE-2024-47176-1.patch.

 -- Marc Deslauriers <email address hidden> Tue, 08 Oct 2024 07:51:02 -0400

Source diff to previous version
CVE-2024-47176 CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, aut
CVE-2024-47076 CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as

Version: 1.27.4-1ubuntu0.3 2024-09-26 22:06:49 UTC

  cups-filters (1.27.4-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: PPD injection issues (LP: #2082335)
    - debian/patches/sec-202409-1.patch: validate response attributes
      before return in cupsfilters/ipp.c.
    - debian/patches/sec-202409-2.patch: disable legacy CUPS protocol in
      configure.ac.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Thu, 26 Sep 2024 10:22:31 -0400

Source diff to previous version

Version: 1.27.4-1ubuntu0.2 2023-05-17 17:07:44 UTC

  cups-filters (1.27.4-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: code execution in beh CUPS backend
    - debian/patches/CVE-2023-24805-1.patch: use execv() instead of
      system() in backend/beh.c.
    - debian/patches/CVE-2023-24805-2.patch: extra checks against
      odd/forged input in backend/beh.c.
    - debian/patches/CVE-2023-24805-3.patch: further improvements in
      backend/beh.c.
    - CVE-2023-24805

 -- Marc Deslauriers <email address hidden> Mon, 15 May 2023 10:35:05 -0400




About   -   Send Feedback to @ubuntu_updates