ELSA-2014-1388
- ULN >
- Oracle Linux Errata repository >
- ELSA-2014-1388
ELSA-2014-1388 - cups security and bug fix update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2014-10-15 |
Description
[1:1.4.2-67]
- Revert change to whitelist /rss/ resources, as this was not used
upstream.
[1:1.4.2-66]
- More STR #4461 fixes from upstream: make rss feeds world-readable,
but cachedir private.
- Fix icon display in web interface during server restart (STR #4475).
[1:1.4.2-65]
- Fixes for upstream patch for STR #4461: allow /rss/ requests for
files we created.
[1:1.4.2-64]
- Use upstream patch for STR #4461.
[1:1.4.2-63]
- Applied upstream patch to fix CVE-2014-5029 (bug #1122600),
CVE-2014-5030 (bug #1128764), CVE-2014-5031 (bug #1128767).
- Fix conf/log file reading for authenticated users (STR #4461).
[1:1.4.2-62]
- Fix CGI handling (STR #4454, bug #1120419).
[1:1.4.2-61]
- fix patch for CVE-2014-3537 (bug #1117794)
[1:1.4.2-60]
- CVE-2014-2856: cross-site scripting flaw (bug #1117798)
- CVE-2014-3537: insufficient checking leads to privilege escalation (bug #1117794)
[1:1.4.2-59]
- Removed package description changes.
[1:1.4.2-58]
- Applied patch to fix 'Bad request' errors as a result of adding in
httpSetTimeout (STR #4440, also part of svn revision 9967).
[1:1.4.2-57]
- Fixed timeout issue with cupsd reading when there is no data ready
(bug #1110045).
[1:1.4.2-56]
- Fixed synconclose patch to avoid 'too many arguments for format' warning.
- Fixed settimeout patch to include math.h for fmod declaration.
[1:1.4.2-55]
- Fixed typo preventing web interface from changing driver (bug #1104483,
STR #3601).
- Fixed SyncOnClose patch (bug #984883).
[1:1.4.2-54]
- Use upstream patch to avoid replaying GSS credentials (bug #1040293).
[1:1.4.2-53]
- Prevent BrowsePoll problems across suspend/resume (bug #769292):
- Eliminate indefinite wait for response (svn revision 9688).
- Backported httpSetTimeout API function from CUPS 1.5 and use it in
the ipp backend so that we wait indefinitely until the printer
responds, we get a hard error, or the job is cancelled.
- cups-polld: reconnect on error.
- Added new SyncOnClose directive to use fsync() after altering
configuration files: defaults to 'Yes'. Adjust in cupsd.conf (bug #984883).
- Fix cupsctl man page typo (bug #1011076).
- Use more portable rpm specfile syntax for conditional php building
(bug #988598).
- Fix SetEnv directive in cupsd.conf (bug #986495).
- Fix 'collection' attribute sending (bug #978387).
- Prevent format_log segfault (bug #971079).
- Prevent stringpool corruption (bug #884851).
- Don't crash when job queued for printer that times out (bug #855431).
- Upstream patch for broken multipart handling (bug #852846).
- Install /etc/cron.daily/cups with correct permissions (bug #1012482).
Related CVEs
| CVE-2014-2856 |
| CVE-2014-3537 |
| CVE-2014-5029 |
| CVE-2014-5030 |
| CVE-2014-5031 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 6 (i386) | cups-1.4.2-67.el6.src.rpm | 5f2b21c97465f246899cf7642a45528f | ELBA-2019-0716 |
| cups-1.4.2-67.el6.i686.rpm | ef9f658779e2b4a2b5c4c06cfdb0516c | ELBA-2019-0716 | |
| cups-devel-1.4.2-67.el6.i686.rpm | f2e19973e25a7061a92efce620ce0159 | ELBA-2019-0716 | |
| cups-libs-1.4.2-67.el6.i686.rpm | 951085d29c0cb00b7b9a81ae27db922d | ELBA-2019-0716 | |
| cups-lpd-1.4.2-67.el6.i686.rpm | 577514550fde6a817022a097e2eabb8d | ELBA-2019-0716 | |
| cups-php-1.4.2-67.el6.i686.rpm | 1d193c999aa4cfb66270a29837f76866 | ELBA-2019-0716 | |
| Oracle Linux 6 (x86_64) | cups-1.4.2-67.el6.src.rpm | 5f2b21c97465f246899cf7642a45528f | ELBA-2019-0716 |
| cups-1.4.2-67.el6.x86_64.rpm | bdb40118bec2b02c442911204cba5923 | ELBA-2019-0716 | |
| cups-devel-1.4.2-67.el6.i686.rpm | f2e19973e25a7061a92efce620ce0159 | ELBA-2019-0716 | |
| cups-devel-1.4.2-67.el6.x86_64.rpm | 1d8a0a44038075605e24087d1e9593db | ELBA-2019-0716 | |
| cups-libs-1.4.2-67.el6.i686.rpm | 951085d29c0cb00b7b9a81ae27db922d | ELBA-2019-0716 | |
| cups-libs-1.4.2-67.el6.x86_64.rpm | 7e878f63827c186893f8b55665da4e70 | ELBA-2019-0716 | |
| cups-lpd-1.4.2-67.el6.x86_64.rpm | 5813b0cb58892436ea621f2af30406f3 | ELBA-2019-0716 | |
| cups-php-1.4.2-67.el6.x86_64.rpm | f30a9462072be7611003b994bdaa56a0 | ELBA-2019-0716 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
