Synopsis: Moderate: cups-filters security update Advisory ID: SLSA-2014:1795-1 Issue Date: 2014-11-03 CVE Numbers: CVE-2014-4338 CVE-2014-4337 -- An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups- browsed, would crash the cups-browsed daemon. (CVE-2014-4337) A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions. (CVE-2014-4338) After installing this update, the cups-browsed daemon will be restarted automatically. -- SL7 x86_64 cups-filters-1.0.35-15.el7_0.1.x86_64.rpm cups-filters-debuginfo-1.0.35-15.el7_0.1.i686.rpm cups-filters-debuginfo-1.0.35-15.el7_0.1.x86_64.rpm cups-filters-libs-1.0.35-15.el7_0.1.i686.rpm cups-filters-libs-1.0.35-15.el7_0.1.x86_64.rpm cups-filters-devel-1.0.35-15.el7_0.1.i686.rpm cups-filters-devel-1.0.35-15.el7_0.1.x86_64.rpm - Scientific Linux Development Team