Package "cups"

Name: cups


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Common UNIX Printing System(tm) - IPP developer/admin utilities

Latest version: 2.1.3-4ubuntu0.10
Release: xenial (16.04)
Level: updates
Repository: universe


Save this URL for the latest version of "cups": https://www.ubuntuupdates.org/cups

Other versions of "cups" in Xenial

Repository Area Version
base universe 2.1.3-4
base main 2.1.3-4
security universe 2.1.3-4ubuntu0.10
security main 2.1.3-4ubuntu0.10
updates main 2.1.3-4ubuntu0.10

Packages in group

Deleted packages are displayed in grey.


Version: 2.1.3-4ubuntu0.5 2018-07-11 18:07:29 UTC

  cups (2.1.3-4ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: scheduler crash via DBUS notifications
    - debian/patches/CVE-2017-18248.patch: validate requesting-user-name in
    - CVE-2017-18248
  * SECURITY UPDATE: privilege escalation in dnssd backend
    - debian/patches/CVE-2018-418x.patch: don't allow PassEnv and SetEnv to
      override standard variables in man/cups-files.conf.man.in,
      man/cupsd.conf.man.in, scheduler/conf.c.
    - CVE-2018-4180
  * SECURITY UPDATE: local file read via Include directive
    - debian/patches/CVE-2018-418x.patch: remove Include directive handling
      in scheduler/conf.c.
    - CVE-2018-4181
  * SECURITY UPDATE: AppArmor sandbox bypass
    - debian/local/apparmor-profile: also confine
    - CVE-2018-6553

 -- Marc Deslauriers <email address hidden> Fri, 22 Jun 2018 13:45:28 -0400

Source diff to previous version
CVE-2017-18248 The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs
CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include Directive
CVE-2018-6553 AppArmor profile issue in cups

Version: 2.1.3-4ubuntu0.4 2018-02-21 00:07:38 UTC

  cups (2.1.3-4ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Incorrect whitelist permits DNS rebinding attacks
    - debian/patches/CVE-2017-18190.patch: Don't treat "localhost.localdomain"
      as an allowed replacement for localhost, since it isn't
    - CVE-2017-18190

 -- Chris Coulson <email address hidden> Mon, 19 Feb 2018 17:37:01 +0000

Source diff to previous version
CVE-2017-18190 A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP c

Version: 2.1.3-4ubuntu0.3 2017-08-31 14:07:02 UTC

  cups (2.1.3-4ubuntu0.3) xenial; urgency=high

  * Adding maintainer script debian/cups-daemon.prerm to deal with situations
    where "old-version" (installed package) prerm script fails. (LP: #1642966).

Version: *DELETED* 2017-03-27 14:06:50 UTC
No changelog for deleted or moved packages.

Version: 2.1.3-4ubuntu0.2 2017-03-27 08:06:51 UTC

  cups (2.1.3-4ubuntu0.2) xenial; urgency=medium

  * Make cups.path unit be part of the cups.service, since cups.path
    should stop if and when cups.service is stopped. LP: #1642966

 -- Dimitri John Ledkov <email address hidden> Thu, 22 Dec 2016 17:08:36 +0000

1642966 package cups-daemon 2.1.3-4 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1

About   -   Send Feedback to @ubuntu_updates