Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

SciLinux: SLSA-2014:1388-2 Moderate: CUPS Security Risks

Scientific Large Esm H446
Moderate: cups security and bug fix update
Date: Mon, 3 Nov 2014 17:54:39 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: cups on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Moderate: cups security and bug fix update
Advisory ID: SLSA-2014:1388-2
Issue Date: 2014-10-14
CVE Numbers: CVE-2014-2856
 CVE-2014-3537
 CVE-2014-5029
 CVE-2014-5030
 CVE-2014-5031
--

A cross-site scripting (XSS) flaw was found in the CUPS web interface. An
attacker could use this flaw to perform a cross-site scripting attack
against users of the CUPS web interface. (CVE-2014-2856)

It was discovered that CUPS allowed certain users to create symbolic links
in certain directories under /var/cache/cups/. A local user with the 'lp'
group privileges could use this flaw to read the contents of arbitrary
files on the system or, potentially, escalate their privileges on the
system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)

After installing this update, the cupsd daemon will be restarted
automatically.
--

SL6
 x86_64
 cups-1.4.2-67.el6.x86_64.rpm
 cups-debuginfo-1.4.2-67.el6.i686.rpm
 cups-debuginfo-1.4.2-67.el6.x86_64.rpm
 cups-libs-1.4.2-67.el6.i686.rpm
 cups-libs-1.4.2-67.el6.x86_64.rpm
 cups-lpd-1.4.2-67.el6.x86_64.rpm
 cups-devel-1.4.2-67.el6.i686.rpm
 cups-devel-1.4.2-67.el6.x86_64.rpm
 cups-php-1.4.2-67.el6.x86_64.rpm
 i386
 cups-1.4.2-67.el6.i686.rpm
 cups-debuginfo-1.4.2-67.el6.i686.rpm
 cups-libs-1.4.2-67.el6.i686.rpm
 cups-lpd-1.4.2-67.el6.i686.rpm
 cups-devel-1.4.2-67.el6.i686.rpm
 cups-php-1.4.2-67.el6.i686.rpm

- Scientific Linux Development Team