drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in CUPS
Name: |
Mehrere Probleme in CUPS |
|
ID: |
USN-2144-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS |
|
Datum: |
Mi, 12. März 2014, 16:54 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476 |
|
Applikationen: |
Common UNIX Printing System |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============0918940456239532627== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="eAM90dipvvtLle5eLq7RLrv0RsSEcVuAe"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --eAM90dipvvtLle5eLq7RLrv0RsSEcVuAe Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2144-1 March 12, 2014
cups vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
CUPS could be made to run programs as the lp user if it processed a specially crafted file.
Software Description: - cups: Common UNIX Printing System(tm)
Details:
Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package incorrectly handled memory. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. (CVE-2013-6474, CVE-2013-6475)
Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package did not restrict driver directories. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. (CVE-2013-6476)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.10
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2144-1 CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
Package Information: https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.10
--eAM90dipvvtLle5eLq7RLrv0RsSEcVuAe Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTIFDlAAoJEGVp2FWnRL6TcgkP/jFCgZyRMdiVE1IrARKzsoNP X4O2yjzp4GLG/NoQMXIbL2Y4+Qmcc8KND3c0b4+fFV3EJgAj3NWwB/WFgNXKfuUp qWk+EiiEL2GW237RSy1cq9euajnEXVWmSj4H/L1SAk3y4Q5LNN1jazQUvnOcW1b5 gb1HrzzSpxCB3Zsqnn9q075EvsmbNVIMOVUvQmbtEDVqOap/YRZpbvU8ZsQLhUko 3Em27srCD9vxkBvVI7LnRW7vlKFiX6Cl6T7SLhaKv/qkp1oJWnTpldw7LcSt1j2+ feTXr8KnjM7yjKevj7hS7WjMVuR/DEdcuR2x5ogJBajM4lbv92VPJNkTEKSgwP5t cD8Ukc8bjNavn3alua2FCu/6UdfW1kY5T/mi2StPWduBmYA2sg4Vl8ZM+vOVjIQz oiLEa6MZGsyybozmEbNgU5X2iDTdgFH8SkNQ7T166h2xrW+CeomB2uB7EAdTu8i2 G7c7LnaJrUMYFHQI3QvX6m6zkCmCPFmAdJpa0b0IX76csEAaPl+aMRGBizyQ4zhg EsQl7JjHRCTPLHe3GfrvtbjqEa81mDBHGRP89vNlLomJJJbyeaUjRoUBa11e9mBR O4yb9Nz4r+JX6F55nuAsjLmQtZwTyHS2QIGQNREsQcIK6XjyVyShsU8/QO97TbrW nPV35yX4bQQPoK/n5CIc =I35u -----END PGP SIGNATURE-----
--eAM90dipvvtLle5eLq7RLrv0RsSEcVuAe--
--===============0918940456239532627== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0918940456239532627==--
|
|
|
|