UbuntuUpdates.org

Package "cups"

Name: cups

Description:

Common UNIX Printing System(tm) - PPD/driver support, web interface

Latest version: 2.1.3-4ubuntu0.11
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://www.cups.org

Links


Download "cups"


Other versions of "cups" in Xenial

Repository Area Version
base universe 2.1.3-4
base main 2.1.3-4
security main 2.1.3-4ubuntu0.11
security universe 2.1.3-4ubuntu0.11
updates universe 2.1.3-4ubuntu0.11

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.1.3-4ubuntu0.11 2020-04-27 16:06:28 UTC

  cups (2.1.3-4ubuntu0.11) xenial-security; urgency=medium

  * SECURITY UPDATE: information disclosure via OOB read
    - debian/patches/CVE-2019-2228.patch: fix ippSetValueTag validation of
      default language in cups/ipp.c.
    - CVE-2019-2228
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2020-3898.patch: properly handle invalid
      resolution names in cups/ppd.c, ppdc/ppdc-source.cxx.
    - CVE-2020-3898

 -- Marc Deslauriers <email address hidden> Fri, 24 Apr 2020 10:48:53 -0400

Source diff to previous version
CVE-2019-2228 In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in
CVE-2020-3898 heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c

Version: 2.1.3-4ubuntu0.10 2019-08-20 06:07:08 UTC

  cups (2.1.3-4ubuntu0.10) xenial-security; urgency=medium

  * SECURITY UPDATE: Stack buffer overflow in SNMP ASN.1 decoder
    - debian/patches/CVE-2019-86xx.patch: update cups/snmp.c to check for
      buffer overflow when decoding various ASN.1 elements.
    - CVE-2019-8675
    - CVE-2019-8696
  * SECURITY UPDATE: Buffer overflow in IPP
    - debian/patches/CVE-2019-86xx.patch: update cups/ipp.c to avoid
      buffer overflow due to tag type confusion
  * SECURITY UPDATE: Denial of service and memory disclosure in scheduler
    - debian/patches/CVE-2019-86xx.patch: update scheduler/client.c to
      avoid a denial of service and possible memory disclosure if the
      client unexpectedly closes the connection

 -- Alex Murray <email address hidden> Fri, 16 Aug 2019 17:40:11 +0930

Source diff to previous version
CVE-2019-8675 stack-buffer-overflow in libcups's asn1_get_type function
CVE-2019-8696 stack-buffer-overflow in libcups's asn1_get_packed function

Version: 2.1.3-4ubuntu0.9 2019-06-10 16:06:48 UTC

  cups (2.1.3-4ubuntu0.9) xenial; urgency=medium

  * d/p/0045-Fix-an-issue-with-PreserveJobHistory-and-time-values.patch
    Fix an issue with `PreserveJobHistory` and time values
    (Issue #5538, Closes: #921741, LP: #1747765)

 -- Dariusz Gadomski <email address hidden> Thu, 30 May 2019 11:33:26 +0200

Source diff to previous version
1747765 PreserveJobHistory and PreserveJobLog do not respect numeric input as outlined in the docs
921741 cups: Cups sheduler stops with program error when using JobPreserveHistory <seconds> - Debian Bug report logs

Version: 2.1.3-4ubuntu0.8 2019-05-15 23:06:30 UTC

  cups (2.1.3-4ubuntu0.8) xenial; urgency=medium

  * d/p/systemd-service-for-cupsd-after-sssd.patch: Start cupsd after sssd if
    installed (LP: #1822062)

 -- Victor Tapia <email address hidden> Tue, 23 Apr 2019 17:44:19 +0200

Source diff to previous version
1822062 Race condition on boot between cups and sssd

Version: 2.1.3-4ubuntu0.7 2019-01-17 12:06:29 UTC

  cups (2.1.3-4ubuntu0.7) xenial; urgency=medium

  * fix-handling-of-MaxJobTime.patch: Fix handling of MaxJobTime 0
    (LP: #1804576)

 -- Dariusz Gadomski <email address hidden> Wed, 12 Dec 2018 08:34:26 +0100

1804576 MaxJobTime=0 results in jobs being cancelled immediately instead of never



About   -   Send Feedback to @ubuntu_updates