Wednesday, March 12, 2014

[USN-2144-1] CUPS vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTIFDlAAoJEGVp2FWnRL6TcgkP/jFCgZyRMdiVE1IrARKzsoNP
X4O2yjzp4GLG/NoQMXIbL2Y4+Qmcc8KND3c0b4+fFV3EJgAj3NWwB/WFgNXKfuUp
qWk+EiiEL2GW237RSy1cq9euajnEXVWmSj4H/L1SAk3y4Q5LNN1jazQUvnOcW1b5
gb1HrzzSpxCB3Zsqnn9q075EvsmbNVIMOVUvQmbtEDVqOap/YRZpbvU8ZsQLhUko
3Em27srCD9vxkBvVI7LnRW7vlKFiX6Cl6T7SLhaKv/qkp1oJWnTpldw7LcSt1j2+
feTXr8KnjM7yjKevj7hS7WjMVuR/DEdcuR2x5ogJBajM4lbv92VPJNkTEKSgwP5t
cD8Ukc8bjNavn3alua2FCu/6UdfW1kY5T/mi2StPWduBmYA2sg4Vl8ZM+vOVjIQz
oiLEa6MZGsyybozmEbNgU5X2iDTdgFH8SkNQ7T166h2xrW+CeomB2uB7EAdTu8i2
G7c7LnaJrUMYFHQI3QvX6m6zkCmCPFmAdJpa0b0IX76csEAaPl+aMRGBizyQ4zhg
EsQl7JjHRCTPLHe3GfrvtbjqEa81mDBHGRP89vNlLomJJJbyeaUjRoUBa11e9mBR
O4yb9Nz4r+JX6F55nuAsjLmQtZwTyHS2QIGQNREsQcIK6XjyVyShsU8/QO97TbrW
nPV35yX4bQQPoK/n5CIc
=I35u
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-2144-1
March 12, 2014

cups vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

CUPS could be made to run programs as the lp user if it processed a
specially crafted file.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS
package incorrectly handled memory. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6474, CVE-2013-6475)

Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS
package did not restrict driver directories. An attacker could possibly use
this issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6476)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2144-1
CVE-2013-6474, CVE-2013-6475, CVE-2013-6476

Package Information:
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.10

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)