This update for cups fixes the following issues:
Update to version 2.4.16.
Security issues fixed:
- CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other
  clients (bsc#1244057).
- CVE-2025-58060: authentication bypass with AuthType negotiate (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes can lead to null dereference
  (bsc#1249128).
- CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783).
Other updates and bugfixes:
- Version upgrade to 2.4.16:
  - 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences,
    potentially reading past the end of the source string
    (Issue #1438)
  - The web interface did not support domain usernames fully
    (Issue #1441)
  - Fixed an infinite loop issue in the GTK+ print dialog
    (Issue #1439 bsc#1254353)
  - Fixed stopping scheduler on unknown directive in
    configuration (Issue #1443)
- Version upgrade to 2.4.15:
  - Fixed potential crash in 'cups-driverd' when there are
    duplicate PPDs (Issue #1355)
  - Fixed error recovery when scanning for PPDs
    in 'cups-driverd' (Issue #1416)
- Fix packages for Immutable Mode - cups (jsc#PED-14775,jsc#PED-14688)
- Version upgrade to 2.4.14.
- Version upgrade to 2.4.13:
  - Added 'print-as-raster' printer and job attributes
    for forcing rasterization (Issue #1282)
  - Updated documentation (Issue #1086)
  - Updated IPP backend to try a sanitized user name if the
    printer/server does not like the value (Issue #1145)
  - Updated the scheduler to send the "printer-added"
    or "printer-modified" events whenever an IPP Everywhere PPD
    is installed (Issue #1244)
  - Updated the scheduler to send the "printer-modified" event
    whenever the system default printer is changed (Issue #1246)
  - Fixed a memory leak in 'httpClose' (Issue #1223)
  - Fixed missing commas in 'ippCreateRequestedArray'
    (Issue...