CUPS Cloud Print Release – security enhancements
OpenSUSE developers have recently been conducting a secutity audit of CUPS Cloud Print as a precurser to including the software in their default repositories. As a result of this audit, they have discovered a few potential vulnerabilities, which this release ( version 20140814.2 ) fixes.
This upgrade should be rolling out to the CUPS Cloud Print repositories currently, and should be availably the next time you update packages on your machines.
- Fix: Upgrade script error no longer prevents Mac OS X installation
- Fix: Strip control chars when sanitising text
- Fix: Fixed printing from stdin, detect mimetypes from job types
- Change: Upgraded oauth2client to v1.4.2
- Change: Stop writing temp files to disk
- Change: Stop writing base64 encoded files to disk
- Change: Require ‘which’ and ‘file’ packages in rpm ( dummy ‘which’ package added for OpenSUSE )
- Change: Require python-six for latest oauth2client version
- Change: Prevent capabilities prefixed with ‘cups’, or other ones that could point to binaries being used to populate ppd with potentially arbitrary commands from GCP
- Change: Dont write temp ppd files in reportissues.py script
- Change: Backend now only accepts data from stdin, and refuses to read files passed in