UbuntuUpdates.org

Package "cups"

Name: cups

Description:

Common UNIX Printing System(tm) - PPD/driver support, web interface

Latest version: 1.7.2-0ubuntu1.10
Release: trusty (14.04)
Level: updates
Repository: main
Homepage: http://www.cups.org

Other versions of "cups" in Trusty

Repository  Area  Version
base        main  1.7.2-0ubuntu1
security    main  1.7.2-0ubuntu1.10

Packages in group

cups-bsd cups-client cups-common cups-core-drivers cups-daemon
cups-dbg cups-ppdc cups-server-common libcups2 libcups2-dev
libcupscgi1 libcupscgi1-dev libcupsimage2 libcupsimage2-dev libcupsmime1
libcupsmime1-dev libcupsppdc1 libcupsppdc1-dev

Changelog

Version: 1.7.2-0ubuntu1.10 2018-07-11 18:07:20 UTC

  cups (1.7.2-0ubuntu1.10) trusty-security; urgency=medium

  * SECURITY UPDATE: scheduler crash via DBUS notifications
    - debian/patches/CVE-2017-18248.patch: validate requesting-user-name in
      scheduler/ipp.c.
    - CVE-2017-18248
  * SECURITY UPDATE: privilege escalation in dnssd backend
    - debian/patches/CVE-2018-418x.patch: don't allow PassEnv and SetEnv to
      override standard variables in man/cups-files.conf.man.in,
      man/cupsd.conf.man.in, scheduler/conf.c.
    - CVE-2018-4180
  * SECURITY UPDATE: local file read via Include directive
    - debian/patches/CVE-2018-418x.patch: remove Include directive handling
      in scheduler/conf.c.
    - CVE-2018-4181
  * SECURITY UPDATE: AppArmor sandbox bypass
    - debian/local/apparmor-profile: also confine
      /usr/lib/cups/backend/mdns.
    - CVE-2018-6553

 -- Marc Deslauriers <email address hidden> Fri, 22 Jun 2018 13:53:17 -0400

CVE-2017-18248 The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs
CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include Directive
CVE-2018-6553 AppArmor profile issue in cups

Version: 1.7.2-0ubuntu1.9 2018-02-21 00:07:30 UTC

  cups (1.7.2-0ubuntu1.9) trusty-security; urgency=medium

  * SECURITY UPDATE: Incorrect whitelist permits DNS rebinding attacks
    - debian/patches/CVE-2017-18190.patch: Don't treat "localhost.localdomain"
      as an allowed replacement for localhost, since it isn't
    - CVE-2017-18190

 -- Chris Coulson <email address hidden> Mon, 19 Feb 2018 17:45:40 +0000

CVE-2017-18190 A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP c

Version: 1.7.2-0ubuntu1.8 2017-02-28 00:06:46 UTC

  cups (1.7.2-0ubuntu1.8) trusty; urgency=medium

  * Fixed processing of server overrides without port numbers. (LP: #1665018)

 -- Dariusz Gadomski <email address hidden> Wed, 15 Feb 2017 15:55:27 +0100

1665018 client tools ignore -h option without port number

Version: 1.7.2-0ubuntu1.7 2015-12-16 19:06:28 UTC

  cups (1.7.2-0ubuntu1.7) trusty-security; urgency=medium

  * Disable SSLv3 with option to turn back on.
    - debian/patches/disable-sslv3.patch: AllowSSL3 turns SSLv3
      back on and AllowRC4 turns on just the RC4 ciphers. (LP: #1505328)

 -- Bryan Quigley Tue, 10 Nov 2015 21:08:44 +0000

1505328 Cups SSL is vulnerable to POODLE

Version: 1.7.2-0ubuntu1.6 2015-06-10 14:07:00 UTC

  cups (1.7.2-0ubuntu1.6) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation through dynamic linker and
    isolated vulnerabilities
    - debian/patches/str4609.patch: apply patch from upstream to
      cgi-bin/ipp-var.c, cgi-bin/template.c, scheduler/client.c,
      scheduler/env.c, scheduler/ipp.c, scheduler/job.c, scheduler/main.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2015 08:08:11 -0400



