drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in CUPS
| Name: |
Mangelnde Rechteprüfung in CUPS |
|
| ID: |
USN-2293-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 14.04 LTS |
|
| Datum: |
Di, 22. Juli 2014, 08:55 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537 |
|
| Applikationen: |
Common UNIX Printing System |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6048657473396753637==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="BRIKrMGnBM3n0vg33sitbhM84o1Dpsf31"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--BRIKrMGnBM3n0vg33sitbhM84o1Dpsf31
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-2293-1
July 21, 2014
cups vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
CUPS could be made to expose sensitive information, leading to privilege
escalation.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
Francisco Alonso discovered that the CUPS web interface incorrectly
validated permissions on rss files. A local attacker could possibly use
this issue to bypass file permissions and read arbitrary files, possibly
leading to a privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.1
Ubuntu 12.04 LTS:
cups 1.5.3-0ubuntu8.4
Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.12
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2293-1
CVE-2014-3537
Package Information:
https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.1
https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.4
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.12
--BRIKrMGnBM3n0vg33sitbhM84o1Dpsf31
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTzUYmAAoJEGVp2FWnRL6TE0gP/jU9fM8aBHObWwVdK/vwoutF
u7uGWgb7bIKcnICnG0H9FBOg38ukA+YlwcgCmr8KevHl2cO4Aerw7U78KkKgh+HV
m0+Z9vfCQQcdv67InenB9rMg/VDXcRVI09tv0HaJIG3Go+CubyOgGogHFkY5ZuD0
crzShT7Jkb8PvoZigwl7N0XUG4RzINsYDSZfDGz5OM7G5EPJy+7I1kju6nymkSMw
8Uw0V6acAL9iP4cnsLqaGg769+bO8ApIwIiJS3J1cPDbDtVyOqm2mR3XjUfmA1SC
y6RhO88xa2t8ATVyMjNNasc8r4e359S4MUlRNwyYTu5qnd0ZXDk8VqthAv5YW+KS
kTDmkr1S5IIwPSh3R7LIzcHlRXQyqoCcT5g2XkqKpxb808s+M+7hbcMoSH3SsCdJ
jeMMxEYZumoezfxProTw/zjgtz/Q/4vShjSnQat+y7SRkAnnktuOfE2tqAW591uX
VXWPzGQtHCDubgVTqwNvRVTp5JKwtsMgLGjdxbAy6ZtHAdhXRPNJqDu9Qjw/G1eh
NW4GaWjJAuuHEiX5sZZ1/+TMpdSjNJzWTxaGNpREJbZlSHaWR16xi/4BWNHoZwMA
/3DKVUVdYaHnQdexzp0Lh14PfCRo6ZR0a7v0mhNztaRUPYsuPIpUmS14/HxjGqEo
69eRgjGyvG9tAr0033hJ
=eFOT
-----END PGP SIGNATURE-----
--BRIKrMGnBM3n0vg33sitbhM84o1Dpsf31--
--===============6048657473396753637==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6048657473396753637==--
|
|
|
|
