Common UNIX Printing System 1.1.23

Michael Sweet mike at
Mon Jan 3 12:37:45 PST 2005

The 1.1.23 release of the Common UNIX Printing System ("CUPS")
is now available for download from the CUPS web site at:

CUPS 1.1.23 is a bug fix release which fixes two security
vulnerabilities reported by Daniel J. Bernstein (djb at
The new release also contains other minor bug and documentation
fixes that are not security related.

CUPS provides a portable printing layer for UNIX(r)-based
operating systems.  It has been developed by Easy Software
Products to promote a standard printing solution for all UNIX
vendors and users.  CUPS provides the System V and Berkeley
command-line interfaces.

CUPS uses the Internet Printing Protocol ("IPP") as the basis
for managing print jobs and queues.  The Line Printer Daemon
("LPD") Server Message Block ("SMB"), and AppSocket (a.k.a.
JetDirect) protocols are also supported with reduced
functionality.  CUPS adds network printer browsing and
PostScript Printer Description ("PPD") based printing options to
support real-world printing under UNIX.

CUPS includes an image file RIP that supports printing of image
files to non-PostScript printers.  A customized version of GNU
Ghostscript 7.07 for CUPS called ESP Ghostscript is available
separately to support printing of PostScript files within the
CUPS driver framework.  Sample drivers for Dymo, EPSON, HP, and
OKIDATA printers are included that use these filters.

Drivers for thousands of printers are provided with our ESP
Print Pro software, available at:

CUPS is licensed under the GNU General Public License and GNU
Library General Public License.  Please contact Easy Software
Products for commercial support and "binary distribution"

Changes in v1.1.23 include:

	- Updated the Spanish man pages (STR #1041)
	- The lpstat man page contained a typo (STR #1040)
	- The scheduler's is_path_absolute() code could cause a
	  DoS (STR #1042)
	- The scheduler's device loading code used the wrong
	  size limits for the make/model and info parameters
	  (STR #1035)
	- The PNG loading code did not use a "long unsigned
	  integer" format specifier for the width and height
	  (STR #1032)
	- The web interface only showed the first 4 or 8
	  characters of "{variable-name}" for undefined template
	  variables (STR #1031)
	- The hpgltops filter did not handle a common PCL
	  command to enter HP-GL/2 mode (STR #1037)

	- The lpr man page did not document the "-U" option (STR
	- The scheduler no longer sends the page-set option when
	  printing banner pages (STR #995)
	- Fixed a debug message in the imagetops filter (STR
	- The lprm man page listed the "-" option in the wrong
	  order (STR #911)
	- The hpgltops filter contained two buffer overflows
	  that could potentially allow remote access to the "lp"
	  account (STR #1024)
	- The lppasswd command did not protect against file
	  descriptor or ulimit attacks (STR #1023)
	- The "lpc status" command used the wrong resource path
	  when querying the list of printers and jobs, causing
	  unnecessary authentication requests (STR #1018)
	- The httpWait() function did not handle signal
	  interruptions (STR #1020)
	- The USB backend used the wrong size status variable
	  when checking the printer status (STR #1017)
	- The scheduler did not delete classes from other
	  classes or implicit classes, which could cause a crash
	  (STR #1015)
	- The IPP backend now logs the remote print job ID at
	  log level NOTICE instead of INFO (so it shows up in
	  the error_log file...)


More information about the cups mailing list