UbuntuUpdates.org

Package "cups"

Name: cups

Description:

Common UNIX Printing System(tm) - PPD/driver support, web interface
Latest version: 1.7.2-0ubuntu1.11
Release: trusty (14.04)
Level: security
Repository: main
Homepage: http://www.cups.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "cups"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "cups" in Trusty

Repository Area Version
base main 1.7.2-0ubuntu1
updates main 1.7.2-0ubuntu1.11

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.7.2-0ubuntu1.5 2015-02-26 17:06:50 UTC

  cups (1.7.2-0ubuntu1.5) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in cupsRasterReadPixels
    - debian/patches/CVE-2014-9679.patch: validate cupsBytesPerLine and
      clear returned buffer in filter/raster.c.
    - CVE-2014-9679
 -- Marc Deslauriers <email address hidden> Wed, 25 Feb 2015 14:03:54 -0500
Source diff to previous version
CVE-2014-9679 Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via

Version: 1.7.2-0ubuntu1.2 2014-09-08 15:06:32 UTC

  cups (1.7.2-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via symlinks and world-readable
    permissions
    - debian/patches/CVE-2014-50xx.patch: add some more symlink and
      permission checks to scheduler/client.c.
    - CVE-2014-5029
    - CVE-2014-5030
    - CVE-2014-5031
  * debian/patches/cups-restore-access-to-logfiles.patch: fix regressions
    caused by recent security updates by allowing access to cupsd.conf and
    the log files. (LP: #1349387)
 -- Marc Deslauriers <email address hidden> Fri, 05 Sep 2014 15:04:59 -0400
Source diff to previous version
1349387 server settings are inaccessible
CVE-2014-5029 The web interface in CUPS 1.7.4 allows local users in the lp group to ...
CVE-2014-5030 CUPS before 2.0 allows local users to read arbitrary files via a ...
CVE-2014-5031 The web interface in CUPS before 2.0 does not check that files have ...

Version: 1.7.2-0ubuntu1.1 2014-07-21 17:06:50 UTC

  cups (1.7.2-0ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via rss dir symlink
    - debian/patches/CVE-2014-3537.patch: check for symlinks and proper
      permissions in scheduler/client.c.
    - CVE-2014-3537
 -- Marc Deslauriers <email address hidden> Fri, 18 Jul 2014 16:23:48 -0400
CVE-2014-3537 Insufficient checking leads to privilege escalation


About   -   Send Feedback to @ubuntu_updates