drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in CUPS
| Name: |
Mehrere Probleme in CUPS |
|
| ID: |
USN-2144-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS |
|
| Datum: |
Mi, 12. März 2014, 16:54 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476 |
|
| Applikationen: |
Common UNIX Printing System |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============0918940456239532627==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="eAM90dipvvtLle5eLq7RLrv0RsSEcVuAe"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--eAM90dipvvtLle5eLq7RLrv0RsSEcVuAe
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-2144-1
March 12, 2014
cups vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
CUPS could be made to run programs as the lp user if it processed a
specially crafted file.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS
package incorrectly handled memory. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6474, CVE-2013-6475)
Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS
package did not restrict driver directories. An attacker could possibly use
this issue to execute arbitrary code with the privileges of the lp user.
(CVE-2013-6476)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.10
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2144-1
CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
Package Information:
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.10
--eAM90dipvvtLle5eLq7RLrv0RsSEcVuAe
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTIFDlAAoJEGVp2FWnRL6TcgkP/jFCgZyRMdiVE1IrARKzsoNP
X4O2yjzp4GLG/NoQMXIbL2Y4+Qmcc8KND3c0b4+fFV3EJgAj3NWwB/WFgNXKfuUp
qWk+EiiEL2GW237RSy1cq9euajnEXVWmSj4H/L1SAk3y4Q5LNN1jazQUvnOcW1b5
gb1HrzzSpxCB3Zsqnn9q075EvsmbNVIMOVUvQmbtEDVqOap/YRZpbvU8ZsQLhUko
3Em27srCD9vxkBvVI7LnRW7vlKFiX6Cl6T7SLhaKv/qkp1oJWnTpldw7LcSt1j2+
feTXr8KnjM7yjKevj7hS7WjMVuR/DEdcuR2x5ogJBajM4lbv92VPJNkTEKSgwP5t
cD8Ukc8bjNavn3alua2FCu/6UdfW1kY5T/mi2StPWduBmYA2sg4Vl8ZM+vOVjIQz
oiLEa6MZGsyybozmEbNgU5X2iDTdgFH8SkNQ7T166h2xrW+CeomB2uB7EAdTu8i2
G7c7LnaJrUMYFHQI3QvX6m6zkCmCPFmAdJpa0b0IX76csEAaPl+aMRGBizyQ4zhg
EsQl7JjHRCTPLHe3GfrvtbjqEa81mDBHGRP89vNlLomJJJbyeaUjRoUBa11e9mBR
O4yb9Nz4r+JX6F55nuAsjLmQtZwTyHS2QIGQNREsQcIK6XjyVyShsU8/QO97TbrW
nPV35yX4bQQPoK/n5CIc
=I35u
-----END PGP SIGNATURE-----
--eAM90dipvvtLle5eLq7RLrv0RsSEcVuAe--
--===============0918940456239532627==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0918940456239532627==--
|
|
|
|
