DebianDEBIAN:DLA-0022-1:A7A04[DLA-0022-1] cups security update
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
25.7%
Debian Security Advisory DLA-0022-1
https://wiki.debian.org/LTS
Package : cups
Version : 1.4.4-7+squeeze6
CVE ID : CVE-2014-3537
CVE-2014-5029
CVE-2014-5030
CVE-2014-5031
It was discovered that the web interface in CUPS, the Common UNIX
Printing System, incorrectly validated permissions on rss files and
directory index files. A local attacker could possibly use this issue
to bypass file permissions and read arbitrary files, possibly leading
to a privilege escalation.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 6 | all | cups-dbg | < 1.4.4-7+squeeze6 | cups-dbg_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | cups-ppdc | < 1.4.4-7+squeeze6 | cups-ppdc_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | libcups2-dev | < 1.4.4-7+squeeze6 | libcups2-dev_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | libcupsmime1 | < 1.4.4-7+squeeze6 | libcupsmime1_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | cups-common | < 1.4.4-7+squeeze6 | cups-common_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | libcupsimage2-dev | < 1.4.4-7+squeeze6 | libcupsimage2-dev_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | cups-bsd | < 1.4.4-7+squeeze6 | cups-bsd_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | libcupsmime1-dev | < 1.4.4-7+squeeze6 | libcupsmime1-dev_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | libcupsppdc1-dev | < 1.4.4-7+squeeze6 | libcupsppdc1-dev_1.4.4-7+squeeze6_all.deb |
| Debian | 6 | all | libcupsdriver1 | < 1.4.4-7+squeeze6 | libcupsdriver1_1.4.4-7+squeeze6_all.deb |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
25.7%