cups (2.4.1op1-1ubuntu4.11) jammy-security; urgency=medium

  * SECURITY UPDATE: PPD injection issues (LP: #2082335)
    - debian/patches/sec-202409-1.patch: validate URIs, attribute names,
      and capabilities in cups/ppd-cache.c, scheduler/ipp.c.
    - debian/patches/sec-202409-2.patch: sanitize make and model in
      cups/ppd-cache.c.
    - debian/patches/sec-202409-3.patch: PPDize preset and template names
      in cups/ppd-cache.c.
    - debian/patches/sec-202409-4.patch: quote PPD localized strings in
      cups/ppd-cache.c.
    - debian/patches/sec-202409-5.patch: fix warnings in cups/ppd-cache.c.
    - CVE number pending

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 26 Sep 2024 07:27:55 -0400

cups (2.4.1op1-1ubuntu4.10) jammy-security; urgency=medium

  * SECURITY REGRESSION: early exit on missing listen directive
    - d/p/fix-scheduler-start-if-only-domain-socket-to-listen.patch:
      don't exit if no valid Listen or Port found (LP: #2070315)

 -- Sudhakar Verma <sudhakar.verma@canonical.com>  Thu, 27 Jun 2024 19:09:25 +0530

cups (2.4.1op1-1ubuntu4.9) jammy-security; urgency=medium

  * SECURITY UPDATE: cupsd listen arbitrary chmod 0140777
    - debian/patches/CVE-2024-35235.patch: validate status of unlink and
      bind in cups/http-addr.c
    - CVE-2024-35235

 -- Sudhakar Verma <sudhakar.verma@canonical.com>  Fri, 21 Jun 2024 00:32:50 +0530

cups (2.4.1op1-1ubuntu4.8) jammy; urgency=medium

  * The "lpoptions" utility, when run as root, was writing into the file
    /root/.cups/lpoptions instead of /etc/cups/lpoptions. System software
    should never write into /root/ (LP: #2052925).

 -- Till Kamppeter <till.kamppeter@gmail.com>  Wed, 14 Feb 2023 14:10:00 +0100

cups (2.4.1op1-1ubuntu4.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Postscript parsing heap overflow
    - debian/patches/CVE-2023-4504.patch: properly check for end of buffer
      in cups/raster-interpret.c.
    - CVE-2023-4504

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 15 Sep 2023 07:19:58 -0400

cups (2.4.1op1-1ubuntu4.6) jammy-security; urgency=medium

  * SECURITY UPDATE: recently printed documents authentication issue
    - debian/patches/CVE-2023-32360.patch: require authentication for
      CUPS-Get-Document in conf/cupsd.conf.in.
    - CVE-2023-32360

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 11 Sep 2023 12:29:43 -0400

cups (2.4.1op1-1ubuntu4.5) jammy; urgency=medium

  * Fixes to assure color printing on color printers by default or on
    request (LP: #1971242)
    - check-colormodel-also-for-cmyk.patch: Take into account that on some
      printers the ColorModel option's choice for color printing is CMYK
      and not RGB.
    - dont-override-color-settings-from-print-dialog.patch: Prioritize the
      ColorModel PPD file option over the print-color-mode IPP attribute.

 -- Till Kamppeter <till.kamppeter@gmail.com>  Sat, 24 Jun 2023 17:20:00 +0200

cups (2.4.1op1-1ubuntu4.4) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free in cupsdAcceptClient()
    - debian/patches/CVE-2023-34241.patch: log result of httpGetHostname
      BEFORE closing the connection in scheduler/client.c.
    - CVE-2023-34241
  * This package does _not_ contain the changes from 2.4.1op1-1ubuntu4.3
    in jammy-proposed.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 13 Jun 2023 08:17:22 -0400

cups (2.4.1op1-1ubuntu4.2) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via buffer overflow in format_log_line
    - debian/patches/CVE-2023-32324.patch: check _cups_strlcpy size in
      cups/string.c.
    - CVE-2023-32324

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 25 May 2023 08:42:49 -0400

cups (2.4.1op1-1ubuntu4.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Local authorization cert bypass
    - debian/patches/CVE-2022-26691-1.patch: fix string comparison in
      scheduler/cert.c.
    - debian/patches/CVE-2022-26691-2.patch: fix the comment in
      scheduler/cert.c.
    - CVE-2022-26691

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 27 May 2022 07:53:01 -0400

# For older changelog entries, run 'apt-get changelog cups-common'
Generated by dwww version 1.14 on Thu Jan 23 03:44:46 CET 2025.