The vulnerabilities are serious, and remotely exploitable. The CUPS versions affected are ones prior to 1.1.18, so ensure you upgrade now.
Although your favourite vendor is likely to have issued a security advisory already, it’s worth repeating the warning because CUPS has become widely developed of late. It’s an excellent piece of software that addresses one of the largest missing pieces in the Unix and clones puzzle: easy printing.
CUPS uses the internet printing protocol (IPP), which I looked into many years ago. Hewlett-Packard was very excited about it, and mentioned fanciful applications like print-on-demand for creating newspapers on the fly for train and plane travellers, for instance.
I’m a happy CUPS camper myself: it’s running on my Linux server, and thanks to IPP, I can print easily from Windows XP systems, Unix machines and even the Apple iLamp (MacOS X 10.2 comes with CUPS, which makes remote and local print sharing easy). As long as the client operating system understands IPP, all you need to do is enter a certain command and you’re away. CUPS can be made to support a raft of different printers, using Postscript printer description files (even Windows ones) plus the Ghostscript Postscript interpreter, and it integrates well with Samba, the open source CIFS file sharing server.
On a more positive note, on January 19 FreeBSD 5.0 was finally released, after plenty of hard work from the project members and users testing, breaking and filing bug reports for the pre-releases.
The key improvements in 5.0 over previous FreeBSD versions include:
- Extended and improved multiprocessor support. SMP is now possible on all the platforms FreeBSD runs on – Alpha, Intel i386 and IA-64, Sun Sparc-64 and PC98. Up to sixteen CPUs are supported, but currently no more than eight per machine are recommended.
- The kernel schedulable entities, which implement a high-performance many-to-many multiprocessor threading model.
- New file system features such as background checks for quicker start-up in disaster recovery situations; snapshots that allow administrators to duplicate file systems in real time; and extended attributes for access control lists, capability data support and mandatory access control labels.
- New file systems have been introduced, including basic support for UFS2 which has 64-bit pointers and can handle huge, larger-than-1TB disks.
- Expanded hardware support – advanced configuration and power interface (ACPI), Bluetooth, IEEE-1394 FireWire and support for hardware cryptographic acceleration.
Doug Barton, the BIND maintainer and committer for FreeBSD, explains why here. Barton also says that the 8.3.3 version included has been patched to deal with the vulnerabilities announced by ISC and that he’s working on an update to the BIND 9 port to add the PORT_REPLACES_BASE option that BIND 8 has, to make it easy for those users who need the additional features of the latter name resolution server.
Murray Stokely, a member of the FreeBSD release engineering team and head of engineering at FreeBSD Mall, says the release represents its largest engineering success to date, and doesn't sacrifice the expected reliability for new functionality.
Stressing the conservative approach of the FreeBSD project which emphasises stability, Mah says that “users who require a more tested code base may find [the previous release series] 4.x a better match for their needs”. Mah recommends that users upgrading to or installing 5.0 for the first time read carefully the early adopter’s guide bundled with the release.
In case you've missed it, FreeBSD is an open source Unix-like operating system, available for free. It’s based on the Berkeley Software Distribution and the FreeBSD Project has several thousands of developers working on it, around the world. Their work is funnelled through a team of experienced committers, a development model which has created a rock-solid, high-performance OS deployed by large organisations like Yahoo and cdrom.com. Apple has also hired a number of FreeBSD project members to move the underlying operating system for MacOS X, Darwin, to a FreeBSD core.
Get FreeBSD for err, free, from your nearest FTP or HTTP mirror – see www.nz.freebsd.org for details.
Saarinen is an Auckland IT consultant and IDG contributor. Send letters for publication in Computerworld NZ to Computerworld Letters.