
Scientific Linux: 2015:1123-1 Critical CUPS Security Update Available

Important: cups security update
Date: Tue, 16 Jun 2015 08:28:15 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

ccs-0.16.2-75.el6_6.2.i686.rpm
chkconfig-1.3.49.3-5.el6.i686.rpm
db4-4.7.25-19.el6_6.i686.rpm
db4-cxx-4.7.25-19.el6_6.i686.rpm
db4-devel-4.7.25-19.el6_6.i686.rpm
db4-devel-static-4.7.25-19.el6_6.i686.rpm
db4-java-4.7.25-19.el6_6.i686.rpm
db4-tcl-4.7.25-19.el6_6.i686.rpm
db4-utils-4.7.25-19.el6_6.i686.rpm
environment-modules-3.2.10-2.el6.i686.rpm
kmod-hpsa-3.4.4_1_RH4-1.el6_5.i686.rpm
ntsysv-1.3.49.3-5.el6.i686.rpm
poppler-0.12.4-4.el6_6.1.i686.rpm
poppler-devel-0.12.4-4.el6_6.1.i686.rpm
poppler-glib-0.12.4-4.el6_6.1.i686.rpm
poppler-glib-devel-0.12.4-4.el6_6.1.i686.rpm
poppler-qt-0.12.4-4.el6_6.1.i686.rpm
poppler-qt4-0.12.4-4.el6_6.1.i686.rpm
poppler-qt4-devel-0.12.4-4.el6_6.1.i686.rpm
poppler-qt-devel-0.12.4-4.el6_6.1.i686.rpm
poppler-utils-0.12.4-4.el6_6.1.i686.rpm
resource-agents-3.9.5-12.el6_6.6.i686.rpm
ricci-0.16.2-75.el6_6.2.i686.rpm

x86_64:
ccs-0.16.2-75.el6_6.2.x86_64.rpm
chkconfig-1.3.49.3-5.el6.x86_64.rpm
db4-4.7.25-19.el6_6.i686.rpm
db4-4.7.25-19.el6_6.x86_64.rpm
db4-cxx-4.7.25-19.el6_6.i686.rpm
db4-cxx-4.7.25-19.el6_6.x86_64.rpm
db4-devel-4.7.25-19.el6_6.i686.rpm
db4-devel-4.7.25-19.el6_6.x86_64.rpm
db4-devel-static-4.7.25-19.el6_6.x86_64.rpm
db4-java-4.7.25-19.el6_6.x86_64.rpm
db4-tcl-4.7.25-19.el6_6.x86_64.rpm
db4-utils-4.7.25-19.el6_6.x86_64.rpm
environment-modules-3.2.10-2.el6.x86_64.rpm
fence-sanlock-2.8-2.el6_5.x86_64.rpm
kmod-hpsa-3.4.4_1_RH4-1.el6_5.x86_64.rpm
ntsysv-1.3.49.3-5.el6.x86_64.rpm
poppler-0.12.4-4.el6_6.1.i686.rpm
poppler-0.12.4-4.el6_6.1.x86_64.rpm
poppler-devel-0.12.4-4.el6_6.1.i686.rpm
poppler-devel-0.12.4-4.el6_6.1.x86_64.rpm
poppler-glib-0.12.4-4.el6_6.1.i686.rpm
poppler-glib-0.12.4-4.el6_6.1.x86_64.rpm
poppler-glib-devel-0.12.4-4.el6_6.1.i686.rpm
poppler-glib-devel-0.12.4-4.el6_6.1.x86_64.rpm
poppler-qt-0.12.4-4.el6_6.1.i686.rpm
poppler-qt-0.12.4-4.el6_6.1.x86_64.rpm
poppler-qt4-0.12.4-4.el6_6.1.i686.rpm
poppler-qt4-0.12.4-4.el6_6.1.x86_64.rpm
poppler-qt4-devel-0.12.4-4.el6_6.1.i686.rpm
poppler-qt4-devel-0.12.4-4.el6_6.1.x86_64.rpm
poppler-qt-devel-0.12.4-4.el6_6.1.i686.rpm
poppler-qt-devel-0.12.4-4.el6_6.1.x86_64.rpm
poppler-utils-0.12.4-4.el6_6.1.x86_64.rpm
resource-agents-3.9.5-12.el6_6.6.x86_64.rpm
ricci-0.16.2-75.el6_6.2.x86_64.rpm
sanlock-2.8-2.el6_5.x86_64.rpm
sanlock-devel-2.8-2.el6_5.x86_64.rpm
sanlock-lib-2.8-2.el6_5.x86_64.rpm
sanlock-python-2.8-2.el6_5.x86_64.rpm

Date: Tue, 16 Jun 2015 08:45:12 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0

The following FASTBUGS have been uploaded to

x86_64:
ibus-1.5.3-12.el7.i686.rpm
ibus-1.5.3-12.el7.x86_64.rpm
ibus-devel-1.5.3-12.el7.i686.rpm
ibus-devel-1.5.3-12.el7.x86_64.rpm
ibus-devel-docs-1.5.3-12.el7.noarch.rpm
ibus-gtk2-1.5.3-12.el7.i686.rpm
ibus-gtk2-1.5.3-12.el7.x86_64.rpm
ibus-gtk3-1.5.3-12.el7.x86_64.rpm
ibus-libs-1.5.3-12.el7.i686.rpm
ibus-libs-1.5.3-12.el7.x86_64.rpm
ibus-pygtk2-1.5.3-12.el7.noarch.rpm
ibus-setup-1.5.3-12.el7.noarch.rpm
libkkc-0.3.1-8.el7.i686.rpm
libkkc-0.3.1-8.el7.x86_64.rpm
libkkc-common-0.3.1-8.el7.noarch.rpm
libkkc-data-0.3.1-8.el7.x86_64.rpm
libkkc-devel-0.3.1-8.el7.i686.rpm
libkkc-devel-0.3.1-8.el7.x86_64.rpm
libkkc-tools-0.3.1-8.el7.x86_64.rpm

Date: Wed, 17 Jun 2015 22:05:51 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: cups on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: cups security update
Advisory ID: SLSA-2015:1123-1
Issue Date: 2015-06-17
CVE Numbers: CVE-2014-9679
 CVE-2015-1158
 CVE-2015-1159
--

A string reference count bug was found in cupsd, causing premature freeing
of string objects. An attacker can submit a malicious print job that
exploits this flaw to dismantle ACLs protecting privileged operations,
allowing a replacement configuration file to be uploaded which in turn
allows the attacker to run arbitrary code in the CUPS server.
(CVE-2015-1158)

A cross-site scripting flaw was found in the cups web templating engine.
An attacker could use this flaw to bypass the default configuration
settings that bind the CUPS scheduler to the 'localhost' or loopback
interface. (CVE-2015-1159)

An integer overflow leading to a heap-based buffer overflow was found in
the way cups handled compressed raster image files. An attacker could
create a specially-crafted image file, which when passed via the cups
Raster filter, could cause the cups filter to crash. (CVE-2014-9679)

After installing this update, the cupsd daemon will be restarted
automatically.
--

SL6
 x86_64
 cups-1.4.2-67.el6_6.1.x86_64.rpm
 cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
 cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
 cups-libs-1.4.2-67.el6_6.1.i686.rpm
 cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
 cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm
 cups-devel-1.4.2-67.el6_6.1.i686.rpm
 cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
 cups-php-1.4.2-67.el6_6.1.x86_64.rpm
 i386
 cups-1.4.2-67.el6_6.1.i686.rpm
 cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
 cups-libs-1.4.2-67.el6_6.1.i686.rpm
 cups-lpd-1.4.2-67.el6_6.1.i686.rpm
 cups-devel-1.4.2-67.el6_6.1.i686.rpm
 cups-php-1.4.2-67.el6_6.1.i686.rpm
SL7
 x86_64
 cups-1.6.3-17.el7_1.1.x86_64.rpm
 cups-client-1.6.3-17.el7_1.1.x86_64.rpm
 cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm
 cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
 cups-libs-1.6.3-17.el7_1.1.i686.rpm
 cups-libs-1.6.3-17.el7_1.1.x86_64.rpm
 cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm
 cups-devel-1.6.3-17.el7_1.1.i686.rpm
 cups-devel-1.6.3-17.el7_1.1.x86_64.rpm
 cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm
 noarch
 cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

- Scientific Linux Development Team
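
An added example, not part of the advisory or of any Scientific Linux tooling: a Python check that compares `rpm -qa` style package strings against the fixed cups builds listed above. The comparison is a simplified rpmvercmp that ignores epochs and `~`/`^`; the helper names and the sample inventory are constructed for illustration.

```python
import re

# Fixed builds taken from the advisory's package list (SLSA-2015:1123-1).
FIXED = {"6": ("1.4.2", "67.el6_6.1"), "7": ("1.6.3", "17.el7_1.1")}
# Binary package names that appear in the advisory.
NAMES = {"cups", "cups-client", "cups-debuginfo", "cups-libs", "cups-lpd",
         "cups-devel", "cups-php", "cups-ipptool", "cups-filesystem"}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp: segment-wise compare, no '~' or '^' handling."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():       # a numeric segment beats letters
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments = newer

def parse(nvra):
    """Split 'name-version-release.arch' into (name, version, release)."""
    nvr, _arch = nvra.rsplit(".", 1)
    return tuple(nvr.rsplit("-", 2))

def is_fixed(version, release):
    """True if version-release is at or above the fixed build for its SL major."""
    m = re.search(r"\.el([0-9]+)", release)
    if not m or m.group(1) not in FIXED:
        raise ValueError("not an SL6/SL7 build: " + release)
    fixed_version, fixed_release = FIXED[m.group(1)]
    # Assumption: epoch is the same on both sides, so it is not compared.
    return (rpmvercmp(version, fixed_version)
            or rpmvercmp(release, fixed_release)) >= 0

def unpatched(rpm_q_lines):
    """Return the advisory's packages in the listing that are below the fix."""
    out = []
    for line in rpm_q_lines:
        name, version, release = parse(line)
        if name in NAMES and not is_fixed(version, release):
            out.append(line)
    return out

# Constructed inventory (not real host data); the last two are out of scope.
SAMPLE = ["cups-1.4.2-67.el6.x86_64", "cups-libs-1.4.2-67.el6_6.1.i686",
          "cups-client-1.6.3-17.el7.x86_64", "cups-lpd-1.6.3-22.el7.x86_64",
          "cups-filters-1.0.35-15.el7.x86_64", "poppler-0.12.4-4.el6_6.1.x86_64"]

if __name__ == "__main__":
    for pkg in unpatched(SAMPLE):
        print("needs update:", pkg)
```

On a real host the input would be the output of `rpm -qa 'cups*'`, one package per line.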
