Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Errata Announcements for Oracle Linux <el-errata <at> oss.oracle.com>
Subject: ELSA-2013-0580 Moderate: Oracle Linux 5 cups security update
Newsgroups: gmane.linux.oracle.el-errata
Date: Friday 1st March 2013 14:43:04 UTC (over 3 years ago)
Oracle Linux Security Advisory ELSA-2013-0580

https://rhn.redhat.com/errata/RHSA-2013-0580.html

The following updated rpms for Oracle Linux 5 have been uploaded to the 
Unbreakable Linux Network:

i386:
cups-1.3.7-30.el5_9.3.i386.rpm
cups-devel-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-lpd-1.3.7-30.el5_9.3.i386.rpm

x86_64:
cups-1.3.7-30.el5_9.3.x86_64.rpm
cups-devel-1.3.7-30.el5_9.3.i386.rpm
cups-devel-1.3.7-30.el5_9.3.x86_64.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.x86_64.rpm
cups-lpd-1.3.7-30.el5_9.3.x86_64.rpm

ia64:
cups-1.3.7-30.el5_9.3.ia64.rpm
cups-devel-1.3.7-30.el5_9.3.ia64.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.ia64.rpm
cups-lpd-1.3.7-30.el5_9.3.ia64.rpm


SRPMS:
http://oss.oracle.com/ol5/SRPMS-updates/cups-1.3.7-30.el5_9.3.src.rpm



Description of changes:

[1:1.3.7-30:.3]
- Fix for CVE-2012-5519 patch: handle blacklisted lines that have no
   value part gracefully.

[1:1.3.7-30:.2]
- Added documentation for new CVE-2012-5519 option.

[1:1.3.7-30:.1]
- Applied patch to fix CVE-2012-5519 (privilege escalation for users
   in SystemGroup or with equivalent polkit permission).  This prevents
   HTTP PUT requests with paths under /admin/conf/ other than that for
   cupsd.conf, and also prevents such requests altering certain
   configuration directives such as PageLog and FileDevice (bug #875898).
 
CD: 3ms