You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa cups

Sigurnosni nedostatak programskog paketa cups

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2172-1
April 24, 2014

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 13.10
– Ubuntu 12.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

CUPS could be made to expose sensitive information over the network.

Software Description:
– cups: Common UNIX Printing System(tm)

Details:

Alex Korobkin discovered that the CUPS web interface incorrectly protected
against cross-site scripting (XSS) attacks. If an authenticated user were
tricked into visiting a malicious website while logged into CUPS, a remote
attacker could modify the CUPS configuration and possibly steal
confidential data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
cups 1.7.0~rc1-0ubuntu5.3

Ubuntu 12.10:
cups 1.6.1-0ubuntu11.6

Ubuntu 12.04 LTS:
cups 1.5.3-0ubuntu8.2

Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.11

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2172-1
CVE-2014-2856

Package Information:
https://launchpad.net/ubuntu/+source/cups/1.7.0~rc1-0ubuntu5.3
https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.6
https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.2
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.11

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTWTK+AAoJEGVp2FWnRL6TqM4QAIaV5GENhX9EizEgZO/FW+2G
nO6/z0XI57KG3/DH0zjWyYWv+gZteyIrj1auTzrtBsu2+4xPYgyli8+8wFUfL2ZZ
2U/oPTP1gbgwmv88UMRdLtHeinp8g1SXnKEGWFRnqBLG48vk6+QuAZ1wMHkszqZu
kANJRAcktQ8UDaIAIKj210zvF7cTZkhmMHc+NtvdyONrJ4stveL2qmx6LFUMPx/7
lgburI/CeHYA+EfF9T+9WmmShCfUChwb/6fgWwTOgUjXIHMQ2U+U5sHgWdMAnVSz
jnSS5UCP2xXY9ADl8oqxlktFJYylTwHWn0p/RYi5u8fIqAkGkI45hhj0TWp/QSY3
KO2d+H3Y39vab/4lcA/ZWAwkoHvD39Dd3sAKtjLMSvndkS4M9DzKXGWoKXutXFpt
jEq3F5uloC/MzjZdsvqdugs5NYisFNhuyhSaMl/U+dfIKy+vqW/bnCquxorAiE4I
loi7LlfUicY47GYWBST4obpAbBWMLdY/n82h6dmO+H62MHGqmeLQv2xfQ/qRLGiM
0f5WKau92os3FmWHWMBrkroYjKE0sBRzeXmurEo+LCNGjDG6IeQE+RQlqmW0X6+y
HYuqklR6GvWAiWdtjgUNzOpsnNryEBZAD0Qfx2zSpadJxkrXcEiyjWI409AsXoVd
tjwN+IqcKr1G0D1VETnW
=OhoX
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2014-04-0017-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivosti programskog paketa qemu-kvm-rhev

Otkriveno je više ranjivosti kod programskog paketa qemu-kvm-rhev za RHEL 6. Ranjivosti su posljedica višestrukog cjelobrojnog prepisivanja, logičkih grešaka, neprovjeravanja...

Close