You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa cups i cups-filters

Sigurnosni nedostaci programskih paketa cups i cups-filters

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2143-1
March 12, 2014

cups-filters vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS

Summary:

cups-filters could be made to run programs as the lp user if it processed a
specially crafted file.

Software Description:
– cups-filters: OpenPrinting CUPS Filters

Details:

Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. This issue only
affected Ubuntu 13.10. (CVE-2013-6473)

Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. (CVE-2013-6474,
CVE-2013-6475)

Florian Weimer discovered that cups-filters did not restrict driver
directories in in the pdftoopvp filter. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6476)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
cups-filters 1.0.40-0ubuntu1.1

Ubuntu 12.10:
cups-filters 1.0.24-2ubuntu0.2

Ubuntu 12.04 LTS:
cups-filters 1.0.18-0ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2143-1
CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476

Package Information:
https://launchpad.net/ubuntu/+source/cups-filters/1.0.40-0ubuntu1.1
https://launchpad.net/ubuntu/+source/cups-filters/1.0.24-2ubuntu0.2
https://launchpad.net/ubuntu/+source/cups-filters/1.0.18-0ubuntu0.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTIFDGAAoJEGVp2FWnRL6TzEgQAIRQbiCUdVF57yNmXCIYat6A
XQXUzo8Y/+CknXaF5YgBeyPBH9lRS2oD/8OhduFDuB1QQMc9LZFRNGL1Qt2FhpAh
oZ0psrF+f6zBMERF94rMwcr3EaaNqPtqR4AMvGFRPOJ8vSxI4Bi8JrzLwxDE+uZy
1AtEBkE7FC0PjbkZ5wF8McV5HQeSxk/Cb7K1DSgiIB5+0eIqKDnRs2bom8i4r1zx
Q9Ds0eU5Ad3t5kS9I93zVdNnFY4Cicm+1L7tOmS009SBXGXGMLimrQnOVBed4pdw
Y7RlG3m/kr1g6U8nf5mU2jfP6uSy351CQyNKkQew+Yt/6QeN8+TRWMAwxpJ63Yua
DOkZjK/vYammiSUhpZn48NOvY6Np4p2uIheShCIssL7P5mbeyHlUkXuKAwBcwXlW
TxCL7BZ//cR2sLqmfiUKiyusr08jFrMHI8lxpUI4bBNLOAQv2wNbxpjN/TP0g41+
tCXYr/sbQqRc+iTzx8kHt/R7paT4f2wbqkZdUezZKJOY62Kn6nO8I6eFbslN4knV
7hyq7Zae6l94v5CQgnjYVE9qju/pJgbS1rHsg3OHBory+uMsy8gwnbWPW2vSVYSL
n4Ae/tQPPhOkebFTd2Lrk+EMB4ap5iH9Qt8tcYgVreONdQwlVywugRQ1xIA+8U9H
p6uB2xjxEY3YhJNVhj0B
=rXZ2
—–END PGP SIGNATURE—–

ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

==========================================================================
Ubuntu Security Notice USN-2144-1
March 12, 2014

cups vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 10.04 LTS

Summary:

CUPS could be made to run programs as the lp user if it processed a
specially crafted file.

Software Description:
– cups: Common UNIX Printing System(tm)

Details:

Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS
package incorrectly handled memory. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6474, CVE-2013-6475)

Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS
package did not restrict driver directories. An attacker could possibly use
this issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6476)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.10

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2144-1
CVE-2013-6474, CVE-2013-6475, CVE-2013-6476

Package Information:
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.10

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTIFDlAAoJEGVp2FWnRL6TcgkP/jFCgZyRMdiVE1IrARKzsoNP
X4O2yjzp4GLG/NoQMXIbL2Y4+Qmcc8KND3c0b4+fFV3EJgAj3NWwB/WFgNXKfuUp
qWk+EiiEL2GW237RSy1cq9euajnEXVWmSj4H/L1SAk3y4Q5LNN1jazQUvnOcW1b5
gb1HrzzSpxCB3Zsqnn9q075EvsmbNVIMOVUvQmbtEDVqOap/YRZpbvU8ZsQLhUko
3Em27srCD9vxkBvVI7LnRW7vlKFiX6Cl6T7SLhaKv/qkp1oJWnTpldw7LcSt1j2+
feTXr8KnjM7yjKevj7hS7WjMVuR/DEdcuR2x5ogJBajM4lbv92VPJNkTEKSgwP5t
cD8Ukc8bjNavn3alua2FCu/6UdfW1kY5T/mi2StPWduBmYA2sg4Vl8ZM+vOVjIQz
oiLEa6MZGsyybozmEbNgU5X2iDTdgFH8SkNQ7T166h2xrW+CeomB2uB7EAdTu8i2
G7c7LnaJrUMYFHQI3QvX6m6zkCmCPFmAdJpa0b0IX76csEAaPl+aMRGBizyQ4zhg
EsQl7JjHRCTPLHe3GfrvtbjqEa81mDBHGRP89vNlLomJJJbyeaUjRoUBa11e9mBR
O4yb9Nz4r+JX6F55nuAsjLmQtZwTyHS2QIGQNREsQcIK6XjyVyShsU8/QO97TbrW
nPV35yX4bQQPoK/n5CIc
=I35u
—–END PGP SIGNATURE—–

AutorMarko Stanec
Cert idNCERT-REF-2014-03-0020-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Sigurnosni propust Security Account Manager Remote (SAMR) protokola

Otkriven je sigurnosni propust u Security Account Manager Remote (SAMR) protokolu. Otkriveno je da potencijalni napadači mogu zaobići sigurnosne mehanizme...

Close