Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Errata Announcements for Oracle Linux <el-errata <at> oss.oracle.com>
Subject: ELSA-2013-0580 Moderate: Oracle Linux 6 cups security update
Newsgroups: gmane.linux.oracle.el-errata
Date: Friday 1st March 2013 03:01:10 UTC (over 3 years ago)
Oracle Linux Security Advisory ELSA-2013-0580

https://rhn.redhat.com/errata/RHSA-2013-0580.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
cups-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-lpd-1.4.2-50.el6_4.4.i686.rpm
cups-php-1.4.2-50.el6_4.4.i686.rpm

x86_64:
cups-1.4.2-50.el6_4.4.x86_64.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.x86_64.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.x86_64.rpm
cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm
cups-php-1.4.2-50.el6_4.4.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/cups-1.4.2-50.el6_4.4.src.rpm



Description of changes:

[1:1.4.2-50:.4]
- Added BrowseLDAPCACertFile and PrintcapGUI to restricted options
   list.

[1:1.4.2-50:.3]
- Fix for CVE-2012-5519 patch: handle blacklisted lines that have no
   value part gracefully.

[1:1.4.2-50:.2]
- Added documentation for new CVE-2012-5519 option.

[1:1.4.2-50:.1]
- Applied patch to fix CVE-2012-5519 (privilege escalation for users
   in SystemGroup or with equivalent polkit permission).  This prevents
   HTTP PUT requests with paths under /admin/conf/ other than that for
   cupsd.conf, and also prevents such requests altering certain
   configuration directives such as PageLog and FileDevice (bug #875898).

[1:1.4.2-50]
- Fixed LDAP browsing issues (bug #870386).

[1:1.4.2-49]
- Avoid "forbidden" error when moving job between queues via web UI
 
CD: 4ms