Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Ubuntu 15.04 LTS USN-2629-1 Critical: CUPS Permission Escalation

ubuntu
Calendar Grey June 10, 2015
Dist Ubuntu Esm H88
=========================================================================Ubuntu Security Notice USN-
Several security issues were fixed in CUPS.

Summary

Several security issues were fixed in CUPS.

Software Description:

- cups: Common UNIX Printing System(tm)

Details:

It was discovered that CUPS incorrectly handled reference counting when

handling localized strings. A remote attacker could use this issue to

escalate permissions, upload a replacement CUPS configuration file, and

execute arbitrary code. (CVE-2015-1158)

It was discovered that the CUPS templating engine contained a cross-site

scripting issue. A remote attacker could use this issue to bypass default

configuration settings. (CVE-2015-1159)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  cups                            2.0.2-1ubuntu3.1

Ubuntu 14.10:
  cups                            1.7.5-3ubuntu3.2

Ubuntu 14.04 LTS:
  cups                            1.7.2-0ubuntu1.6

Ubuntu 12.04 LTS:
  cups                            1.5.3-0ubuntu8.7

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2629-1

CVE-2015-1158, CVE-2015-1159

Severity
critical
Lowest
Low
Medium
High
Critical

June 10, 2015

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.