You are here
Home > Preporuke > Sigurnosni propust programskog paketa cups

Sigurnosni propust programskog paketa cups

by ncert - 0
  • Detalji os-a: LUB
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2293-1
July 21, 2014

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

CUPS could be made to expose sensitive information, leading to privilege
escalation.

Software Description:
– cups: Common UNIX Printing System(tm)

Details:

Francisco Alonso discovered that the CUPS web interface incorrectly
validated permissions on rss files. A local attacker could possibly use
this issue to bypass file permissions and read arbitrary files, possibly
leading to a privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.1

Ubuntu 12.04 LTS:
cups 1.5.3-0ubuntu8.4

Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.12

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2293-1
CVE-2014-3537

Package Information:
https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.1
https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.4
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.12

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTzUYmAAoJEGVp2FWnRL6TE0gP/jU9fM8aBHObWwVdK/vwoutF
u7uGWgb7bIKcnICnG0H9FBOg38ukA+YlwcgCmr8KevHl2cO4Aerw7U78KkKgh+HV
m0+Z9vfCQQcdv67InenB9rMg/VDXcRVI09tv0HaJIG3Go+CubyOgGogHFkY5ZuD0
crzShT7Jkb8PvoZigwl7N0XUG4RzINsYDSZfDGz5OM7G5EPJy+7I1kju6nymkSMw
8Uw0V6acAL9iP4cnsLqaGg769+bO8ApIwIiJS3J1cPDbDtVyOqm2mR3XjUfmA1SC
y6RhO88xa2t8ATVyMjNNasc8r4e359S4MUlRNwyYTu5qnd0ZXDk8VqthAv5YW+KS
kTDmkr1S5IIwPSh3R7LIzcHlRXQyqoCcT5g2XkqKpxb808s+M+7hbcMoSH3SsCdJ
jeMMxEYZumoezfxProTw/zjgtz/Q/4vShjSnQat+y7SRkAnnktuOfE2tqAW591uX
VXWPzGQtHCDubgVTqwNvRVTp5JKwtsMgLGjdxbAy6ZtHAdhXRPNJqDu9Qjw/G1eh
NW4GaWjJAuuHEiX5sZZ1/+TMpdSjNJzWTxaGNpREJbZlSHaWR16xi/4BWNHoZwMA
/3DKVUVdYaHnQdexzp0Lh14PfCRo6ZR0a7v0mhNztaRUPYsuPIpUmS14/HxjGqEo
69eRgjGyvG9tAr0033hJ
=eFOT
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2014-07-0015-ADV
CveCVE-2014-3537
ID izvornikaUSN-2293-1
Proizvodcups
Izvorhttp://www.ubuntu.com
ncert
Top
More in Preporuke
Ranjivost jezgre operacijskog sustava

Otkrivena je ranjivost u u načinu kojim su funkcije pppol2tp_setsockopt() i pppol2tp_getsockopt() u implementaciji PPP over L2TP upravljale razinom non-SOL_PPPOL2TP....

Close