UbuntuUpdates.org

Package "libfontembed1"

Name: libfontembed1

Description:

OpenPrinting CUPS Filters - Font Embed Shared library

Latest version: 1.27.4-1ubuntu0.4
Release: focal (20.04)
Level: updates
Repository: main
Head package: cups-filters
Homepage: https://wiki.linuxfoundation.org/openprinting/

Links


Download "libfontembed1"


Other versions of "libfontembed1" in Focal

Repository Area Version
base main 1.27.4-1
security main 1.27.4-1ubuntu0.4

Changelog

Version: 1.27.4-1ubuntu0.4 2024-10-09 17:07:04 UTC

  cups-filters (1.27.4-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: more complete fix for CVE-2024-47176
    - debian/patches/CVE-2024-47176-2.patch: completely remove support for
      legacy CUPS protocol and LDAP.
    - CVE-2024-47176
  * debian/patches/sec-202409-1.patch: renamed to CVE-2024-47076.patch.
  * debian/patches/sec-202409-2.patch: renamed to CVE-2024-47176-1.patch.

 -- Marc Deslauriers <email address hidden> Tue, 08 Oct 2024 07:51:02 -0400

Source diff to previous version
CVE-2024-47176 CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, aut
CVE-2024-47076 CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as

Version: 1.27.4-1ubuntu0.3 2024-09-27 01:06:58 UTC

  cups-filters (1.27.4-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: PPD injection issues (LP: #2082335)
    - debian/patches/sec-202409-1.patch: validate response attributes
      before return in cupsfilters/ipp.c.
    - debian/patches/sec-202409-2.patch: disable legacy CUPS protocol in
      configure.ac.
    - CVE number pending

 -- Marc Deslauriers <email address hidden> Thu, 26 Sep 2024 10:22:31 -0400

Source diff to previous version

Version: 1.27.4-1ubuntu0.2 2023-05-17 18:07:20 UTC

  cups-filters (1.27.4-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: code execution in beh CUPS backend
    - debian/patches/CVE-2023-24805-1.patch: use execv() instead of
      system() in backend/beh.c.
    - debian/patches/CVE-2023-24805-2.patch: extra checks against
      odd/forged input in backend/beh.c.
    - debian/patches/CVE-2023-24805-3.patch: further improvements in
      backend/beh.c.
    - CVE-2023-24805

 -- Marc Deslauriers <email address hidden> Mon, 15 May 2023 10:35:05 -0400




About   -   Send Feedback to @ubuntu_updates