CUPS 2.0.2 has been announced on February 9:
It fixes one security issue:
The patch to fix it is attached there. It's not immediately clear from the report of Mageia 4 is affected (will have to check the patch).
A CVE has been requested for this:
Steps to Reproduce:
This has been assigned CVE-2014-9679:
cups new security issue fixed upstream in 2.0.2 =>
cups new security issue fixed upstream in 2.0.2 (CVE-2014-9679)
Fixed in cups-2.0.2-1.mga5 by Thierry. Thanks Thierry!
I confirmed the issue is present in 1.7.0 also.
Patched package uploaded for Mageia 4.
Updated cups packages fix security vulnerability:
A malformed file with an invalid page header and compressed raster data can
trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679).
Updated packages in core/updates_testing:
Performed two installations one x86_64 and one i586 with kernel, 3 x nvidia, fglrx, broadcom-wl, vbox, xtables-addons and also glibc, dbus, x11 and cups at the same time.
Printing tested with hp and canon printers. Printers configured, shared etc.
mga4-32-ok mga4-64-ok =>
advisory mga4-32-ok mga4-64-ok
Validating. Please push to 4 updates
An update for this issue has been pushed to Mageia Updates repository.