Sicherheit: Mehrere Probleme in cups-filters

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============2401324596337495162==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="OFt58w8DT7qKcbfv9BAFwkeBTNbfK5KTA"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OFt58w8DT7qKcbfv9BAFwkeBTNbfK5KTA
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2143-1
March 12, 2014

cups-filters vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

cups-filters could be made to run programs as the lp user if it processed a
specially crafted file.

Software Description:
- cups-filters: OpenPrinting CUPS Filters

Details:

Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. This issue only
affected Ubuntu 13.10. (CVE-2013-6473)

Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user. (CVE-2013-6474,
CVE-2013-6475)

Florian Weimer discovered that cups-filters did not restrict driver
directories in in the pdftoopvp filter. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6476)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.10:
cups-filters 1.0.40-0ubuntu1.1

Ubuntu 12.10:
cups-filters 1.0.24-2ubuntu0.2

Ubuntu 12.04 LTS:
cups-filters 1.0.18-0ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2143-1
CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476

Package Information:
https://launchpad.net/ubuntu/+source/cups-filters/1.0.40-0ubuntu1.1
https://launchpad.net/ubuntu/+source/cups-filters/1.0.24-2ubuntu0.2
https://launchpad.net/ubuntu/+source/cups-filters/1.0.18-0ubuntu0.2

--OFt58w8DT7qKcbfv9BAFwkeBTNbfK5KTA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJTIFDGAAoJEGVp2FWnRL6TzEgQAIRQbiCUdVF57yNmXCIYat6A
XQXUzo8Y/+CknXaF5YgBeyPBH9lRS2oD/8OhduFDuB1QQMc9LZFRNGL1Qt2FhpAh
oZ0psrF+f6zBMERF94rMwcr3EaaNqPtqR4AMvGFRPOJ8vSxI4Bi8JrzLwxDE+uZy
1AtEBkE7FC0PjbkZ5wF8McV5HQeSxk/Cb7K1DSgiIB5+0eIqKDnRs2bom8i4r1zx
Q9Ds0eU5Ad3t5kS9I93zVdNnFY4Cicm+1L7tOmS009SBXGXGMLimrQnOVBed4pdw
Y7RlG3m/kr1g6U8nf5mU2jfP6uSy351CQyNKkQew+Yt/6QeN8+TRWMAwxpJ63Yua
DOkZjK/vYammiSUhpZn48NOvY6Np4p2uIheShCIssL7P5mbeyHlUkXuKAwBcwXlW
TxCL7BZ//cR2sLqmfiUKiyusr08jFrMHI8lxpUI4bBNLOAQv2wNbxpjN/TP0g41+
tCXYr/sbQqRc+iTzx8kHt/R7paT4f2wbqkZdUezZKJOY62Kn6nO8I6eFbslN4knV
7hyq7Zae6l94v5CQgnjYVE9qju/pJgbS1rHsg3OHBory+uMsy8gwnbWPW2vSVYSL
n4Ae/tQPPhOkebFTd2Lrk+EMB4ap5iH9Qt8tcYgVreONdQwlVywugRQ1xIA+8U9H
p6uB2xjxEY3YhJNVhj0B
=rXZ2
-----END PGP SIGNATURE-----

--OFt58w8DT7qKcbfv9BAFwkeBTNbfK5KTA--

--===============2401324596337495162==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============2401324596337495162==--