Lucene search

Gentoo FoundationMGASA-2014-0170

HistoryApr 15, 2014 - 10:10 p.m.

Updated cups-filters packages fix security vulnerabilities

2014-04-1522:10:43

Gentoo Foundation

advisories.mageia.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.114 Low

EPSS

Percentile

95.3%

JSON

Updated cups-filters packages fix security vulnerabilities: Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6473). Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6474, CVE-2013-6475). Florian Weimer discovered that cups-filters did not restrict driver directories in in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6476).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchcups-filters< 1.0.41-3.2cups-filters-1.0.41-3.2.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	cups-filters	< 1.0.41-3.2	cups-filters-1.0.41-3.2.mga4

References

www.ubuntu.com/usn/usn-2143-1/

bugs.mageia.org/show_bug.cgi?id=13002

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.114 Low

EPSS

Percentile

95.3%

JSON

Related for MGASA-2014-0170