Package name
cups
Date
2014-05-16
Advisory ID
MDVSA-2014:092
Affected versions
MES5 i586, MES5 x86_64

Problem description

Multiple vulnerabilities have been discovered and corrected in cups:

lppasswd in CUPS before 1.7.1, when running with setuid privileges,
allows local users to read portions of arbitrary files via a
modified HOME environment variable and a symlink attack involving
.cups/client.conf (CVE-2013-6891).

Cross-site scripting (XSS) vulnerability in scheduler/client.c
in Common Unix Printing System (CUPS) before 1.7.2 allows remote
attackers to inject arbitrary web script or HTML via the URL path,
related to the is_path_absolute function (CVE-2014-2856).

The updated packages have been patched to correct these issues.
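
An added illustration of the defensive pattern behind the CVE-2013-6891 bug class (not code from CUPS or from the patch shipped in these packages): a program that may run setuid ignores the caller-controlled HOME while elevated and refuses a symlinked or foreign-owned .cups/client.conf. The function name `open_user_client_conf` and its parameters are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not CUPS code): open <home>/.cups/client.conf for a
 * program that may be installed setuid. Returns a read-only fd, or -1 when
 * the file must not be trusted. The IDs are parameters so the policy can be
 * exercised without installing a setuid binary. */
int open_user_client_conf(const char *home, uid_t ruid, uid_t euid,
                          gid_t rgid, gid_t egid)
{
    char path[PATH_MAX];
    struct stat st;
    int fd, n;

    /* Elevated process: HOME is chosen by the caller, so ignore it. */
    if (ruid != euid || rgid != egid)
        return -1;
    if (home == NULL || home[0] != '/')
        return -1;
    n = snprintf(path, sizeof(path), "%s/.cups/client.conf", home);
    if (n < 0 || (size_t)n >= sizeof(path))
        return -1;

    /* O_NOFOLLOW refuses a symlink as the final path component. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* Validate the object actually opened, not the path name. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != ruid) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_user_client_conf(getenv("HOME"), getuid(), geteuid(),
                                   getgid(), getegid());
    puts(fd >= 0 ? "client.conf accepted" : "client.conf ignored");
    if (fd >= 0) close(fd);
    return 0;
}
```

O_NOFOLLOW only covers the last path component; the ownership check on the opened descriptor is what rejects a file reached through a symlinked .cups directory.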

Updated packages

MES5 i586

 8143b2a3b767ee960c28f10516d55d2a  mes5/i586/cups-1.3.10-0.7mdvmes5.2.i586.rpm
 bc9a8e5908dc217cb7e985dcaa090948  mes5/i586/cups-common-1.3.10-0.7mdvmes5.2.i586.rpm
 64176366b00b7c3e7f7f35f35aafe26d  mes5/i586/cups-serial-1.3.10-0.7mdvmes5.2.i586.rpm
 c4926d589017411ae66815746ee6c6ba  mes5/i586/libcups2-1.3.10-0.7mdvmes5.2.i586.rpm
 2e2ba1cd0bfa7dcd21276255ff4d747c  mes5/i586/libcups2-devel-1.3.10-0.7mdvmes5.2.i586.rpm
 5171a744370db45781755f21d3f56f7c  mes5/i586/php-cups-1.3.10-0.7mdvmes5.2.i586.rpm 
 1658bb3253e9d923361e9a078be83a5b  mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm

MES5 x86_64

 9030814a190e5e1892e9a0d08e88f645  mes5/x86_64/cups-1.3.10-0.7mdvmes5.2.x86_64.rpm
 27119afd41865890903bf904130ee425  mes5/x86_64/cups-common-1.3.10-0.7mdvmes5.2.x86_64.rpm
 e9bdae3ea58237d04e1b0696bc792113  mes5/x86_64/cups-serial-1.3.10-0.7mdvmes5.2.x86_64.rpm
 cae11ff7c5eac9fdd9716526dbcb179d  mes5/x86_64/lib64cups2-1.3.10-0.7mdvmes5.2.x86_64.rpm
 91bbc04883ddcf7c1b7e4f9609a81fd6  mes5/x86_64/lib64cups2-devel-1.3.10-0.7mdvmes5.2.x86_64.rpm
 160961b924ac72272951552d3641a7ec  mes5/x86_64/php-cups-1.3.10-0.7mdvmes5.2.x86_64.rpm 
 1658bb3253e9d923361e9a078be83a5b  mes5/SRPMS/cups-1.3.10-0.7mdvmes5.2.src.rpm

References