CUPS Cloud Print Release – security enhancements

OpenSUSE developers have recently been conducting a security audit of CUPS Cloud Print as a precursor to including the software in their default repositories. As a result of this audit, they have discovered a few potential vulnerabilities, which this release (version 20140814.2) fixes.

This upgrade should currently be rolling out to the CUPS Cloud Print repositories, and should be available the next time you update packages on your machines.

Changelog:

  • Fix: Upgrade script error no longer prevents Mac OS X installation
  • Fix: Strip control chars when sanitising text
  • Fix: Fixed printing from stdin, detect mimetypes from job types
  • Change: Upgraded oauth2client to v1.4.2
  • Change: Stop writing temp files to disk
  • Change: Stop writing base64 encoded files to disk
  • Change: Require ‘which’ and ‘file’ packages in rpm (dummy ‘which’ package added for OpenSUSE)
  • Change: Require python-six for latest oauth2client version
  • Change: Prevent capabilities prefixed with ‘cups’, or others that could point to binaries, from being used to populate the PPD with potentially arbitrary commands from GCP
  • Change: Don’t write temp PPD files in reportissues.py script
  • Change: Backend now only accepts data from stdin, and refuses to read files passed in
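
The control-character and ‘cups’-prefix changes above work together, as the following added example shows. It is not code from CUPS Cloud Print; the function names, the name pattern, the extra blocked keyword and the sample data are all assumptions made for illustration.

```python
import re
import unicodedata

# Prefix named in the changelog; matched case-insensitively.
BLOCKED_PREFIX = "cups"
# Assumption: one extra keyword treated as able to reference a program.
# The page does not list which other names the project blocks.
ASSUMED_BLOCKED_NAMES = {"foomaticripcommandline"}
# Assumption: only plain keyword characters are allowed in a name.
NAME_PATTERN = re.compile(r"[A-Za-z0-9._-]+")


def strip_control_chars(text):
    """Drop characters in Unicode categories C* (control, format, unassigned...)."""
    return "".join(ch for ch in text if not unicodedata.category(ch).startswith("C"))


def is_safe_capability(name):
    """Return True if a capability name may be written into a PPD."""
    cleaned = strip_control_chars(name).strip()
    if not NAME_PATTERN.fullmatch(cleaned):
        return False  # empty, or contains '*', ':', spaces, quotes...
    lowered = cleaned.lower()
    return not lowered.startswith(BLOCKED_PREFIX) and lowered not in ASSUMED_BLOCKED_NAMES


def filter_capabilities(capabilities):
    """Keep only safe capabilities, with names and values sanitised."""
    return [
        {"name": strip_control_chars(cap["name"]).strip(),
         "value": strip_control_chars(cap.get("value", ""))}
        for cap in capabilities
        if is_safe_capability(cap.get("name", ""))
    ]


# Constructed sample of capabilities as a cloud service might return them.
SAMPLE = [
    {"name": "PageSize", "value": "A4"},
    {"name": "cupsFilter", "value": "constructed"},
    {"name": "cu\x00psPreFilter", "value": "constructed"},  # control char hides the prefix
    {"name": "Duplex\n*cupsFilter", "value": "None"},       # newline would start a new PPD line
    {"name": "FoomaticRIPCommandLine", "value": "constructed"},
]

if __name__ == "__main__":
    for cap in filter_capabilities(SAMPLE):
        print(cap["name"], "=", cap["value"])
```

Stripping control characters before the prefix check matters: checking first would let a name with an embedded control character slip past the ‘cups’ test and only become dangerous once cleaned.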