drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in CUPS
Name: |
Mangelnde Rechteprüfung in CUPS |
|
ID: |
USN-2293-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
|
Datum: |
Di, 22. Juli 2014, 08:55 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537 |
|
Applikationen: |
Common UNIX Printing System |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6048657473396753637== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BRIKrMGnBM3n0vg33sitbhM84o1Dpsf31"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --BRIKrMGnBM3n0vg33sitbhM84o1Dpsf31 Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-2293-1 July 21, 2014
cups vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS
Summary:
CUPS could be made to expose sensitive information, leading to privilege escalation.
Software Description: - cups: Common UNIX Printing System(tm)
Details:
Francisco Alonso discovered that the CUPS web interface incorrectly validated permissions on rss files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.1
Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu8.4
Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.12
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2293-1 CVE-2014-3537
Package Information: https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.1 https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.4 https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.12
--BRIKrMGnBM3n0vg33sitbhM84o1Dpsf31 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTzUYmAAoJEGVp2FWnRL6TE0gP/jU9fM8aBHObWwVdK/vwoutF u7uGWgb7bIKcnICnG0H9FBOg38ukA+YlwcgCmr8KevHl2cO4Aerw7U78KkKgh+HV m0+Z9vfCQQcdv67InenB9rMg/VDXcRVI09tv0HaJIG3Go+CubyOgGogHFkY5ZuD0 crzShT7Jkb8PvoZigwl7N0XUG4RzINsYDSZfDGz5OM7G5EPJy+7I1kju6nymkSMw 8Uw0V6acAL9iP4cnsLqaGg769+bO8ApIwIiJS3J1cPDbDtVyOqm2mR3XjUfmA1SC y6RhO88xa2t8ATVyMjNNasc8r4e359S4MUlRNwyYTu5qnd0ZXDk8VqthAv5YW+KS kTDmkr1S5IIwPSh3R7LIzcHlRXQyqoCcT5g2XkqKpxb808s+M+7hbcMoSH3SsCdJ jeMMxEYZumoezfxProTw/zjgtz/Q/4vShjSnQat+y7SRkAnnktuOfE2tqAW591uX VXWPzGQtHCDubgVTqwNvRVTp5JKwtsMgLGjdxbAy6ZtHAdhXRPNJqDu9Qjw/G1eh NW4GaWjJAuuHEiX5sZZ1/+TMpdSjNJzWTxaGNpREJbZlSHaWR16xi/4BWNHoZwMA /3DKVUVdYaHnQdexzp0Lh14PfCRo6ZR0a7v0mhNztaRUPYsuPIpUmS14/HxjGqEo 69eRgjGyvG9tAr0033hJ =eFOT -----END PGP SIGNATURE-----
--BRIKrMGnBM3n0vg33sitbhM84o1Dpsf31--
--===============6048657473396753637== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6048657473396753637==--
|
|
|
|