[SECURITY] [DSA 2990-1] cups security update

2014-07-2714:18:27

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Debian Security Advisory DSA-2990-1 [email protected]
http://www.debian.org/security/ Salvatore Bonaccorso
July 27, 2014 http://www.debian.org/security/faq

Package : cups
CVE ID : CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031

It was discovered that the web interface in CUPS, the Common UNIX
Printing System, incorrectly validated permissions on rss files and
directory index files. A local attacker could possibly use this issue
to bypass file permissions and read arbitrary files, possibly leading
to a privilege escalation.

For the stable distribution (wheezy), these problems have been fixed in
version 1.5.3-5+deb7u4.

For the unstable distribution (sid), these problems have been fixed in
version 1.7.4-2.

We recommend that you upgrade your cups packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7kfreebsd-amd64cups< 1.5.3-5+deb7u4cups_1.5.3-5+deb7u4_kfreebsd-amd64.deb
Debian7mipsellibcupsdriver1-dev< 1.5.3-5+deb7u4libcupsdriver1-dev_1.5.3-5+deb7u4_mipsel.deb
Debian7armhfcups-dbg< 1.5.3-5+deb7u4cups-dbg_1.5.3-5+deb7u4_armhf.deb
Debian7sparclibcupsdriver1< 1.5.3-5+deb7u4libcupsdriver1_1.5.3-5+deb7u4_sparc.deb
Debian7armellibcupsppdc1< 1.5.3-5+deb7u4libcupsppdc1_1.5.3-5+deb7u4_armel.deb
Debian7ia64cups< 1.5.3-5+deb7u4cups_1.5.3-5+deb7u4_ia64.deb
Debian7kfreebsd-i386libcupsdriver1< 1.5.3-5+deb7u4libcupsdriver1_1.5.3-5+deb7u4_kfreebsd-i386.deb
Debian6i386libcupsmime1< 1.4.4-7+squeeze6libcupsmime1_1.4.4-7+squeeze6_i386.deb
Debian7armellibcupsimage2-dev< 1.5.3-5+deb7u4libcupsimage2-dev_1.5.3-5+deb7u4_armel.deb
Debian7mipslibcupscgi1-dev< 1.5.3-5+deb7u4libcupscgi1-dev_1.5.3-5+deb7u4_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	kfreebsd-amd64	cups	< 1.5.3-5+deb7u4	cups_1.5.3-5+deb7u4_kfreebsd-amd64.deb
Debian	7	mipsel	libcupsdriver1-dev	< 1.5.3-5+deb7u4	libcupsdriver1-dev_1.5.3-5+deb7u4_mipsel.deb
Debian	7	armhf	cups-dbg	< 1.5.3-5+deb7u4	cups-dbg_1.5.3-5+deb7u4_armhf.deb
Debian	7	sparc	libcupsdriver1	< 1.5.3-5+deb7u4	libcupsdriver1_1.5.3-5+deb7u4_sparc.deb
Debian	7	armel	libcupsppdc1	< 1.5.3-5+deb7u4	libcupsppdc1_1.5.3-5+deb7u4_armel.deb
Debian	7	ia64	cups	< 1.5.3-5+deb7u4	cups_1.5.3-5+deb7u4_ia64.deb
Debian	7	kfreebsd-i386	libcupsdriver1	< 1.5.3-5+deb7u4	libcupsdriver1_1.5.3-5+deb7u4_kfreebsd-i386.deb
Debian	6	i386	libcupsmime1	< 1.4.4-7+squeeze6	libcupsmime1_1.4.4-7+squeeze6_i386.deb
Debian	7	armel	libcupsimage2-dev	< 1.5.3-5+deb7u4	libcupsimage2-dev_1.5.3-5+deb7u4_armel.deb
Debian	7	mips	libcupscgi1-dev	< 1.5.3-5+deb7u4	libcupscgi1-dev_1.5.3-5+deb7u4_mips.deb