[El-errata] ELSA-2010-0490 Important: Enterprise Linux 4 cups security update

Errata Announcements for Enterprise Linux el-errata at oss.oracle.com
Thu Jun 17 20:13:14 PDT 2010


Enterprise Linux Security Advisory ELSA-2010-0490

https://rhn.redhat.com/errata/RHSA-2010-0490.html

The following updated rpms for Enterprise Linux 4 have been uploaded to 
the Unbreakable Linux Network:

i386:
cups-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm

x86_64:
cups-1.1.22-0.rc1.9.32.el4_8.6.x86_64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.6.x86_64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.6.x86_64.rpm

ia64:
cups-1.1.22-0.rc1.9.32.el4_8.6.ia64.rpm
cups-devel-1.1.22-0.rc1.9.32.el4_8.6.ia64.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.6.i386.rpm
cups-libs-1.1.22-0.rc1.9.32.el4_8.6.ia64.rpm


SRPMS:
http://oss.oracle.com/el4/SRPMS-updates/cups-1.1.22-0.rc1.9.32.el4_8.6.src.rpm


Description of changes:


[1:1.1.22-0.rc1.9.32:.6]
- Don't set domain= for cookies.

[1:1.1.22-0.rc1.9.32:.5]
- Fixed CVE-2010-0540 patch to ensure all headers are sent before
  content.

[1:1.1.22-0.rc1.9.32:.4]
- Applied patch for CVE-2010-1748 (web interface memory disclosure,
  STR #3577, bug #591983).
- Applied patch for CVE-2010-0542 (texttops unchecked memory
  allocation failure leading to NULL pointer dereference, STR #3516,
  bug #587746).
- Applied patch for CVE-2010-0540 (CUPS administrator web interface
  CSRF, STR #3498, bug #588805).





More information about the El-errata mailing list