Package "cups"

Name: cups


Common UNIX Printing System(tm) - PPD/driver support, web interface

Latest version: 2.1.3-4ubuntu0.9
Release: xenial (16.04)
Level: updates
Repository: main
Homepage: http://www.cups.org


Save this URL for the latest version of "cups": https://www.ubuntuupdates.org/cups

Download "cups"

Other versions of "cups" in Xenial

Repository Area Version
base main 2.1.3-4
base universe 2.1.3-4
security main 2.1.3-4ubuntu0.6
security universe 2.1.3-4ubuntu0.6
updates universe 2.1.3-4ubuntu0.9

Packages in group

Deleted packages are displayed in grey.


Version: 2.1.3-4ubuntu0.9 2019-06-10 16:06:48 UTC

  cups (2.1.3-4ubuntu0.9) xenial; urgency=medium

  * d/p/0045-Fix-an-issue-with-PreserveJobHistory-and-time-values.patch
    Fix an issue with `PreserveJobHistory` and time values
    (Issue #5538, Closes: #921741, LP: #1747765)

 -- Dariusz Gadomski <email address hidden> Thu, 30 May 2019 11:33:26 +0200

Source diff to previous version
1747765 PreserveJobHistory and PreserveJobLog do not respect numeric input as outlined in the docs
921741 cups: Cups sheduler stops with program error when using JobPreserveHistory <seconds> - Debian Bug report logs

Version: 2.1.3-4ubuntu0.8 2019-05-15 23:06:30 UTC

  cups (2.1.3-4ubuntu0.8) xenial; urgency=medium

  * d/p/systemd-service-for-cupsd-after-sssd.patch: Start cupsd after sssd if
    installed (LP: #1822062)

 -- Victor Tapia <email address hidden> Tue, 23 Apr 2019 17:44:19 +0200

Source diff to previous version
1822062 Race condition on boot between cups and sssd

Version: 2.1.3-4ubuntu0.7 2019-01-17 12:06:29 UTC

  cups (2.1.3-4ubuntu0.7) xenial; urgency=medium

  * fix-handling-of-MaxJobTime.patch: Fix handling of MaxJobTime 0
    (LP: #1804576)

 -- Dariusz Gadomski <email address hidden> Wed, 12 Dec 2018 08:34:26 +0100

Source diff to previous version
1804576 MaxJobTime=0 results in jobs being cancelled immediately instead of never

Version: 2.1.3-4ubuntu0.6 2018-12-10 18:06:19 UTC

  cups (2.1.3-4ubuntu0.6) xenial-security; urgency=medium

  * SECURITY UPDATE: predictable session cookies
    - debian/patches/CVE-2018-4700.patch: use better seed in cgi-bin/var.c.
    - CVE-2018-4700

 -- Marc Deslauriers <email address hidden> Fri, 16 Nov 2018 14:06:39 -0500

Source diff to previous version
CVE-2018-4700 Linux session cookies used a predictable random number seed

Version: 2.1.3-4ubuntu0.5 2018-07-11 18:07:26 UTC

  cups (2.1.3-4ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: scheduler crash via DBUS notifications
    - debian/patches/CVE-2017-18248.patch: validate requesting-user-name in
    - CVE-2017-18248
  * SECURITY UPDATE: privilege escalation in dnssd backend
    - debian/patches/CVE-2018-418x.patch: don't allow PassEnv and SetEnv to
      override standard variables in man/cups-files.conf.man.in,
      man/cupsd.conf.man.in, scheduler/conf.c.
    - CVE-2018-4180
  * SECURITY UPDATE: local file read via Include directive
    - debian/patches/CVE-2018-418x.patch: remove Include directive handling
      in scheduler/conf.c.
    - CVE-2018-4181
  * SECURITY UPDATE: AppArmor sandbox bypass
    - debian/local/apparmor-profile: also confine
    - CVE-2018-6553

 -- Marc Deslauriers <email address hidden> Fri, 22 Jun 2018 13:45:28 -0400

CVE-2017-18248 The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs
CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include Directive
CVE-2018-6553 AppArmor profile issue in cups

About   -   Send Feedback to @ubuntu_updates