[El-errata] ELSA-2013-0580 Moderate: Oracle Linux 6 cups security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Feb 28 19:01:10 PST 2013
Oracle Linux Security Advisory ELSA-2013-0580
https://rhn.redhat.com/errata/RHSA-2013-0580.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
cups-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-lpd-1.4.2-50.el6_4.4.i686.rpm
cups-php-1.4.2-50.el6_4.4.i686.rpm
x86_64:
cups-1.4.2-50.el6_4.4.x86_64.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.x86_64.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.x86_64.rpm
cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm
cups-php-1.4.2-50.el6_4.4.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/cups-1.4.2-50.el6_4.4.src.rpm
Description of changes:
[1:1.4.2-50:.4]
- Added BrowseLDAPCACertFile and PrintcapGUI to restricted options
list.
[1:1.4.2-50:.3]
- Fix for CVE-2012-5519 patch: handle blacklisted lines that have no
value part gracefully.
[1:1.4.2-50:.2]
- Added documentation for new CVE-2012-5519 option.
[1:1.4.2-50:.1]
- Applied patch to fix CVE-2012-5519 (privilege escalation for users
in SystemGroup or with equivalent polkit permission). This prevents
HTTP PUT requests with paths under /admin/conf/ other than that for
cupsd.conf, and also prevents such requests altering certain
configuration directives such as PageLog and FileDevice (bug #875898).
[1:1.4.2-50]
- Fixed LDAP browsing issues (bug #870386).
[1:1.4.2-49]
- Avoid "forbidden" error when moving job between queues via web UI
More information about the El-errata
mailing list