Opened 22 months ago

Closed 22 months ago

Last modified 20 months ago

#18125 closed enhancement (fixed)

cups-2.4.4

Reported by: Douglas R. Reno
Owned by: Bruce Dubbs
Priority: elevated
Milestone: 12.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version

Change History (8)

comment:1 by Douglas R. Reno, 22 months ago

Priority: normal → elevated

comment:2 by Douglas R. Reno, 22 months ago

Contains a fix for CVE-2023-32324 in it

comment:3 by martyj19, 22 months ago

Summary: cups-2.4.3 → cups-2.4.4

Now 2.4.4 with a crash fix.

comment:4 by Bruce Dubbs, 22 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:5 by Bruce Dubbs, 22 months ago

Changes in CUPS v2.4.4 - 2023-06-06

  • Fix segfault in `cupsGetNamedDest()` when trying to get default printer, but the default printer is not set

Changes in CUPS v2.4.3 (2023-06-01)

  • Added a title with device uri for found network printers
  • Added new media sizes defined by IANA
  • Added quirk for GoDEX label printers
  • Fixed `--enable-libtool-unsupported`
  • Fixed configuration on RISC-V machines
  • Fixed the `device_uri` invalid pointer for driverless printers with `.local` hostname
  • Fixed an OpenSSL crash bug
  • Fixed a potential SNMP OID value overflow issue
  • Fixed an OpenSSL certificate loading issue
  • Fixed Brazilian Portuguese translations
  • Fixed `cupsd` default keychain location when building with OpenSSL
  • Fixed default color settings for CMYK printers as well
  • Fixed duplicate PPD2IPP media-type names
  • Fixed possible heap buffer overflow in `_cups_strlcpy()` (fixes CVE-2023-32324)
    • OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel` to `DEBUG`.
  • Fixed InputSlot heuristic for photo sizes smaller than 5x7" if there is no media-source in the request
  • Fixed invalid memory access during generating IPP Everywhere queue
  • Fixed lprm if no destination is provided
  • Fixed memory leaks in `create_local_bg_thread()`
  • Fixed media size tolerance in `ippeveprinter`
  • Fixed passing command name without path into `ippeveprinter`
  • Fixed saving strings file path in `printers.conf`
  • Fixed TLS certificate generation bugs
  • `ippDeleteValues` would not delete the last value
  • Ignore some of IPP defaults if the application sends its PPD alternative
  • Make `Letter` the default size in `ippevepcl`
  • Now accessing Admin page in Web UI requires authentication
  • Now look for default printer on network if needed
  • Now we poll `media-col-database` separately if we fail at first
  • Now report fax attributes and values as needed
  • Now localize HTTP responses using the Content-Language value
  • Raised file size limit for importing PPD via Web UI
  • Raised maximum listen backlog size to INT MAX
  • Update print-color-mode if the printer is modified via ColorModel PPD option
  • Use localhost when printing via printer application
  • Write defaults into /etc/cups/lpoptions if we're root

comment:6 by Bruce Dubbs, 22 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commits

ee4e93c572 Update to cups-2.4.4.
5717fa785a Update to bluefish-2.2.14.
c222649c20 Update to icewm-3.4.0.
7939b3d838 Update to nss-3.90.
b687f3a20a Update to xorgproto-2023.1.

comment:7 by Douglas R. Reno, 22 months ago

SA-11.3-039 issued

comment:8 by Bruce Dubbs, 20 months ago

Milestone: 11.4 → 12.0

Milestone renamed
