Lucene search

SuseOPENSUSE-SU-2015:1056-1

HistoryJun 12, 2015 - 9:05 p.m.

Security update for cups (critical)

2015-06-1221:05:05

lists.opensuse.org

0.937 High

EPSS

Percentile

98.9%

JSON

This update fixes the following issues:

CVE-2015-1158 and CVE-2015-1159 fixes a possible privilege escalation
via cross-site scripting and bad print job submission used to replace
cupsd.conf on server (CUPS STR#4609 CERT-VU-810572 CVE-2015-1158
CVE-2015-1159 bugzilla.suse.com bsc#924208). In general it is crucial to
limit access to CUPS to trustworthy users who do not misuse their
permission to submit print jobs which means to upload arbitrary data
onto the CUPS server, see
<a href=“https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings”>https://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings</a> and cf. the
entries about CVE-2012-5519 below.

OSVersionArchitecturePackageVersionFilename
openSUSE13.2x86_64cups-debuginfo< 1.5.4-21.9.1cups-debuginfo-1.5.4-21.9.1.x86_64.rpm
openSUSE13.1i586cups-client< 1.5.4-12.20.1cups-client-1.5.4-12.20.1.i586.rpm
openSUSE13.1x86_64cups-debugsource< 1.5.4-12.20.1cups-debugsource-1.5.4-12.20.1.x86_64.rpm
openSUSE13.1i586cups-libs< 1.5.4-12.20.1cups-libs-1.5.4-12.20.1.i586.rpm
openSUSE13.1x86_64cups-ddk< 1.5.4-12.20.1cups-ddk-1.5.4-12.20.1.x86_64.rpm
openSUSE13.2x86_64cups-libs-debuginfo-32bit< 1.5.4-21.9.1cups-libs-debuginfo-32bit-1.5.4-21.9.1.x86_64.rpm
openSUSE13.2i586cups-ddk< 1.5.4-21.9.1cups-ddk-1.5.4-21.9.1.i586.rpm
openSUSE13.2i586cups-debugsource< 1.5.4-21.9.1cups-debugsource-1.5.4-21.9.1.i586.rpm
openSUSE13.1x86_64cups-devel< 1.5.4-12.20.1cups-devel-1.5.4-12.20.1.x86_64.rpm
openSUSE13.1i586cups-debuginfo< 1.5.4-12.20.1cups-debuginfo-1.5.4-12.20.1.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	13.2	x86_64	cups-debuginfo	< 1.5.4-21.9.1	cups-debuginfo-1.5.4-21.9.1.x86_64.rpm
openSUSE	13.1	i586	cups-client	< 1.5.4-12.20.1	cups-client-1.5.4-12.20.1.i586.rpm
openSUSE	13.1	x86_64	cups-debugsource	< 1.5.4-12.20.1	cups-debugsource-1.5.4-12.20.1.x86_64.rpm
openSUSE	13.1	i586	cups-libs	< 1.5.4-12.20.1	cups-libs-1.5.4-12.20.1.i586.rpm
openSUSE	13.1	x86_64	cups-ddk	< 1.5.4-12.20.1	cups-ddk-1.5.4-12.20.1.x86_64.rpm
openSUSE	13.2	x86_64	cups-libs-debuginfo-32bit	< 1.5.4-21.9.1	cups-libs-debuginfo-32bit-1.5.4-21.9.1.x86_64.rpm
openSUSE	13.2	i586	cups-ddk	< 1.5.4-21.9.1	cups-ddk-1.5.4-21.9.1.i586.rpm
openSUSE	13.2	i586	cups-debugsource	< 1.5.4-21.9.1	cups-debugsource-1.5.4-21.9.1.i586.rpm
openSUSE	13.1	x86_64	cups-devel	< 1.5.4-12.20.1	cups-devel-1.5.4-12.20.1.x86_64.rpm
openSUSE	13.1	i586	cups-debuginfo	< 1.5.4-12.20.1	cups-debuginfo-1.5.4-12.20.1.i586.rpm

Rows per page:

1-10 of 441

References

bugzilla.suse.com/924208