SCIENTIFIC-LINUX-ERRATA Archives

June 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Wed, 17 Jun 2015 22:05:51 +0000

Synopsis:          Important: cups security update
Advisory ID:       SLSA-2015:1123-1
Issue Date:        2015-06-17
CVE Numbers:       CVE-2014-9679
                   CVE-2015-1158
                   CVE-2015-1159
--

A string reference count bug was found in cupsd, causing premature freeing
of string objects. An attacker can submit a malicious print job that
exploits this flaw to dismantle ACLs protecting privileged operations,
allowing a replacement configuration file to be uploaded which in turn
allows the attacker to run arbitrary code in the CUPS server.
(CVE-2015-1158)

A cross-site scripting flaw was found in the cups web templating engine.
An attacker could use this flaw to bypass the default configuration
settings that bind the CUPS scheduler to the 'localhost' or loopback
interface. (CVE-2015-1159)

An integer overflow leading to a heap-based buffer overflow was found in
the way cups handled compressed raster image files. An attacker could
create a specially-crafted image file, which when passed via the cups
Raster filter, could cause the cups filter to crash. (CVE-2014-9679)

After installing this update, the cupsd daemon will be restarted
automatically.
--

SL6
  x86_64
    cups-1.4.2-67.el6_6.1.x86_64.rpm
    cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
    cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm
    cups-libs-1.4.2-67.el6_6.1.i686.rpm
    cups-libs-1.4.2-67.el6_6.1.x86_64.rpm
    cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm
    cups-devel-1.4.2-67.el6_6.1.i686.rpm
    cups-devel-1.4.2-67.el6_6.1.x86_64.rpm
    cups-php-1.4.2-67.el6_6.1.x86_64.rpm
  i386
    cups-1.4.2-67.el6_6.1.i686.rpm
    cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm
    cups-libs-1.4.2-67.el6_6.1.i686.rpm
    cups-lpd-1.4.2-67.el6_6.1.i686.rpm
    cups-devel-1.4.2-67.el6_6.1.i686.rpm
    cups-php-1.4.2-67.el6_6.1.i686.rpm
SL7
  x86_64
    cups-1.6.3-17.el7_1.1.x86_64.rpm
    cups-client-1.6.3-17.el7_1.1.x86_64.rpm
    cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm
    cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm
    cups-libs-1.6.3-17.el7_1.1.i686.rpm
    cups-libs-1.6.3-17.el7_1.1.x86_64.rpm
    cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm
    cups-devel-1.6.3-17.el7_1.1.i686.rpm
    cups-devel-1.6.3-17.el7_1.1.x86_64.rpm
    cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm
  noarch
    cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

- Scientific Linux Development Team
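
An added example, not part of the original advisory: a Python check that reads `rpm -qa`-style lines and reports whether each cups package listed above is at or past the fixed build. The function names and the sample input are assumptions made for illustration, and the comparison ignores epochs, which the default `rpm -qa` output does not show.

```python
import re

# Fixed (version, release) per distro tag, from the advisory's package list.
FIXED = {"el6": ("1.4.2", "67.el6_6.1"), "el7": ("1.6.3", "17.el7_1.1")}
# Binary package names the advisory lists.
NAMES = {"cups", "cups-client", "cups-debuginfo", "cups-devel", "cups-filesystem",
         "cups-ipptool", "cups-libs", "cups-lpd", "cups-php"}
_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Segment-wise RPM-style compare; returns -1, 0 or 1 (no '~'/'^' support)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments are newer

def status(nvra):
    """'fixed', 'outdated', or None when the advisory does not cover the package."""
    try:
        nvr, _arch = nvra.rsplit(".", 1)
        name, version, release = nvr.rsplit("-", 2)
    except ValueError:
        return None  # not a name-version-release.arch string
    dist = re.search(r"\.(el[67])(?:[_.]|$)", release)
    if name not in NAMES or not dist:
        return None
    fixed_version, fixed_release = FIXED[dist.group(1)]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return "fixed" if order >= 0 else "outdated"

def audit(rpm_qa_output):
    """Map each covered name-version-release.arch line to its status."""
    found = ((line, status(line)) for line in rpm_qa_output.split())
    return {line: s for line, s in found if s}

# Constructed sample of `rpm -qa 'cups*'` output (not taken from a real host).
SAMPLE = """\
cups-1.4.2-67.el6.x86_64
cups-libs-1.4.2-67.el6_6.1.x86_64
cups-1.6.3-14.el7.x86_64
cups-filesystem-1.6.3-17.el7_1.1.noarch
cups-libs-1.6.3-22.el7.x86_64
cups-pk-helper-0.2.4-5.el7.x86_64
"""
```

Calling `audit(SAMPLE)` marks the two pre-update builds as outdated and skips `cups-pk-helper`, which is not one of the packages in this advisory.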
