SUSE-SU-2015:0575-1

Published: 29 Jul 2014
Source: suse-cvrf

Description

Security update for CUPS

This update fixes various issues in CUPS.

* CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031: Insufficient symbolic link checking in several places could have led to privilege escalation from the lp user to root.

Note that SUSE Linux Enterprise 11 SP3 ships CUPS 1.3.9 with these fixes backported, so the upstream version ranges quoted in the per-CVE descriptions below (for example "before 2.0") do not apply to the package version string; when verifying a host, compare the installed package release against the versions in the package list, not against the upstream CUPS version.

Security Issues:

* CVE-2014-3537 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537>
* CVE-2014-5029 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029>
* CVE-2014-5030 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030>
* CVE-2014-5031 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031>

Package list

SUSE Linux Enterprise Desktop 11 SP3
cups-1.3.9-8.46.52.2
cups-client-1.3.9-8.46.52.2
cups-libs-1.3.9-8.46.52.2
cups-libs-32bit-1.3.9-8.46.52.2
SUSE Linux Enterprise Server 11 SP3
cups-1.3.9-8.46.52.2
cups-client-1.3.9-8.46.52.2
cups-libs-1.3.9-8.46.52.2
cups-libs-32bit-1.3.9-8.46.52.2
cups-libs-x86-1.3.9-8.46.52.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
cups-1.3.9-8.46.52.2
cups-client-1.3.9-8.46.52.2
cups-libs-1.3.9-8.46.52.2
cups-libs-32bit-1.3.9-8.46.52.2
cups-libs-x86-1.3.9-8.46.52.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3
cups-1.3.9-8.46.52.2
cups-client-1.3.9-8.46.52.2
cups-libs-1.3.9-8.46.52.2
cups-libs-32bit-1.3.9-8.46.52.2
cups-libs-x86-1.3.9-8.46.52.2
SUSE Linux Enterprise Software Development Kit 11 SP3
cups-devel-1.3.9-8.46.52.2

Description (CVE-2012-5519; not one of the four CVEs in this advisory's Security Issues list)

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:cups-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-client-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-32bit-1.3.9-8.46.52.2


Description (CVE-2014-3537)

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:cups-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-client-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-32bit-1.3.9-8.46.52.2


Description (CVE-2014-5029)

The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:cups-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-client-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-32bit-1.3.9-8.46.52.2


Description (CVE-2014-5030)

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:cups-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-client-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-32bit-1.3.9-8.46.52.2


Description (CVE-2014-5031)

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:cups-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-client-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-32bit-1.3.9-8.46.52.2

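The symlink entries above (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030) and the world-readable check (CVE-2014-5031) share one root cause: a privileged daemon opening a file by path from a directory the lp user can write to, without refusing links or checking the mode of what it actually opened. The following is an added example written for this page, not CUPS source: it contrasts the naive open with a hardened one (O_NOFOLLOW, fstat on the descriptor, S_ISREG and o+r checks) in a constructed scenario under a temporary directory. The file names, the result codes and the use of TMPDIR are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes returned by open_hardened() (names chosen for this example). */
enum {
    OPEN_OK = 0,
    OPEN_ERR_SYMLINK = -1,            /* final path component is a symlink */
    OPEN_ERR_NOT_REGULAR = -2,        /* directory, device, fifo, ... */
    OPEN_ERR_NOT_WORLD_READABLE = -3, /* mode lacks o+r: must not be served */
    OPEN_ERR_OTHER = -4
};

/* Vulnerable pattern: a plain open() follows symlinks, so a link that the lp
 * user plants in a directory it can write to (cache or spool) is resolved
 * with the privileges of the daemon that calls this. */
int open_naive(const char *path)
{
    return open(path, O_RDONLY);
}

/* Hardened pattern. O_NOFOLLOW makes the kernel refuse a symlink at the final
 * component (errno == ELOOP). fstat() runs on the descriptor, not stat() on
 * the path, so the object checked is the object opened. Non-regular files are
 * rejected, as is anything not world-readable, which is what a web interface
 * serving unauthenticated clients should insist on. O_NOFOLLOW only covers the
 * last component: parent directories must still be root-owned and not
 * writable by lp. */
int open_hardened(const char *path, int *fd_out)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return errno == ELOOP ? OPEN_ERR_SYMLINK : OPEN_ERR_OTHER;
    if (fstat(fd, &st) != 0) { close(fd); return OPEN_ERR_OTHER; }
    if (!S_ISREG(st.st_mode)) { close(fd); return OPEN_ERR_NOT_REGULAR; }
    if (!(st.st_mode & S_IROTH)) { close(fd); return OPEN_ERR_NOT_WORLD_READABLE; }
    *fd_out = fd;
    return OPEN_OK;
}

/* Constructed scenario in a fresh temporary directory (assumed writable):
 *   secret      mode 0600, stands in for a file the attacker may not read
 *   feed.rss    symlink -> secret, as lp could plant in the cache directory
 *   public.rss  mode 0644, a legitimate cache file
 * Fills the four observations and returns 0, or -1 if setup failed. */
int run_scenario(int *naive_followed, int *link_result, int *secret_result,
                 int *public_result)
{
    const char *tmp = getenv("TMPDIR");
    char dir[300], secret[320], link[320], pub[320];
    int fd, hfd;

    snprintf(dir, sizeof dir, "%s/cups-symlink-demo-XXXXXX", tmp ? tmp : "/tmp");
    if (!mkdtemp(dir))
        return -1;
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(link, sizeof link, "%s/feed.rss", dir);
    snprintf(pub, sizeof pub, "%s/public.rss", dir);

    /* fchmod() after creation so the caller's umask cannot alter the modes */
    if ((fd = open(secret, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return -1;
    if (write(fd, "private\n", 8) != 8 || fchmod(fd, 0600) != 0) return -1;
    close(fd);
    if ((fd = open(pub, O_WRONLY | O_CREAT | O_EXCL, 0644)) < 0) return -1;
    if (write(fd, "public\n", 7) != 7 || fchmod(fd, 0644) != 0) return -1;
    close(fd);
    if (symlink(secret, link) != 0) return -1;

    fd = open_naive(link);               /* follows the link: the bug */
    *naive_followed = fd >= 0;
    if (fd >= 0) close(fd);

    *link_result = open_hardened(link, &hfd);
    if (*link_result == OPEN_OK) close(hfd);
    *secret_result = open_hardened(secret, &hfd);
    if (*secret_result == OPEN_OK) close(hfd);
    *public_result = open_hardened(pub, &hfd);
    if (*public_result == OPEN_OK) close(hfd);

    unlink(link); unlink(secret); unlink(pub); rmdir(dir);
    return 0;
}

/* 1 if the scenario behaves as the advisory's fix intends, else 0. */
int scenario_ok(void)
{
    int naive, link_r, secret_r, pub_r;
    if (run_scenario(&naive, &link_r, &secret_r, &pub_r) != 0) return 0;
    return naive == 1 && link_r == OPEN_ERR_SYMLINK &&
           secret_r == OPEN_ERR_NOT_WORLD_READABLE && pub_r == OPEN_OK;
}

int main(void)
{
    int naive, link_r, secret_r, pub_r;
    if (run_scenario(&naive, &link_r, &secret_r, &pub_r) != 0) { perror("setup"); return 1; }
    printf("naive open followed the symlink: %s\n", naive ? "yes" : "no");
    printf("hardened open of symlink:   %d (expect %d)\n", link_r, OPEN_ERR_SYMLINK);
    printf("hardened open of 0600 file: %d (expect %d)\n", secret_r, OPEN_ERR_NOT_WORLD_READABLE);
    printf("hardened open of 0644 file: %d (expect %d)\n", pub_r, OPEN_OK);
    return 0;
}
```

The naive open succeeds here because the demo runs as the file owner; in the advisory's setting the daemon runs as root and the link points at a file lp cannot read, which is exactly why following it matters.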

Description (CVE-2014-9679; not one of the four CVEs in this advisory's Security Issues list)

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:cups-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-client-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-1.3.9-8.46.52.2
SUSE Linux Enterprise Desktop 11 SP3:cups-libs-32bit-1.3.9-8.46.52.2

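The last entry describes the integer-underflow-to-overflow class in run-length decoding: a run count from the file is subtracted from a remaining-bytes counter without first checking that it fits, the unsigned counter wraps, and the decoder keeps writing past the row buffer. The decoder below is an added example for this page, not the code from CUPS filter/raster.c: it decodes the pixel runs of one compressed CUPS raster line as the author recalls the documented format (count byte c < 128 means repeat the next pixel c+1 times, c >= 128 means copy the next 257-c pixels literally; the per-line repeat-count byte that precedes the runs is left to the caller) and rejects any run that would not fit before writing anything. The sample byte sequences are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode the run-length encoded pixel runs of one raster line into `out`
 * (row_bytes long, bpp bytes per pixel). Returns the number of bytes written
 * (row_bytes on success) or -1 if the input is truncated or a run would
 * extend past the end of the row. `remaining` is recomputed from
 * row_bytes - op on every run, which cannot go negative, and `need` is tested
 * against it before any memcpy. A decoder that instead did
 * `remaining -= need` on an unsigned counter without that test would wrap to
 * a huge value on an oversized run and write past the buffer. */
int decode_raster_runs(const unsigned char *in, size_t in_len, size_t bpp,
                       unsigned char *out, size_t row_bytes, size_t *consumed)
{
    size_t ip = 0, op = 0;

    if (bpp == 0 || row_bytes == 0 || row_bytes % bpp != 0)
        return -1;
    while (op < row_bytes) {
        size_t remaining = row_bytes - op, need;
        unsigned char c;

        if (ip >= in_len)
            return -1;                           /* truncated: no count byte */
        c = in[ip++];
        if (c < 128) {                           /* repeat run: c+1 copies of one pixel */
            size_t reps = (size_t)c + 1;
            need = reps * bpp;
            if (need > remaining || ip + bpp > in_len)
                return -1;                       /* run longer than the row, or truncated */
            for (size_t r = 0; r < reps; r++, op += bpp)
                memcpy(out + op, in + ip, bpp);
            ip += bpp;
        } else {                                 /* literal run: 257-c pixels verbatim */
            need = (257 - (size_t)c) * bpp;
            if (need > remaining || ip + need > in_len)
                return -1;
            memcpy(out + op, in + ip, need);
            op += need;
            ip += need;
        }
    }
    if (consumed)
        *consumed = ip;
    return (int)op;
}

/* Constructed input, 1 byte per pixel, 8-byte row:
 *   0x03 0xAA            -> 4 x 0xAA
 *   0xFE 0x01 0x02 0x03  -> 3 literal bytes (257 - 254)
 *   0x00 0xFF            -> 1 x 0xFF                                   */
static const unsigned char GOOD_LINE[] = {0x03, 0xAA, 0xFE, 0x01, 0x02, 0x03, 0x00, 0xFF};
/* Constructed malformed input: a 128-pixel repeat run declared for an 8-byte row. */
static const unsigned char BAD_LINE[] = {0x7F, 0xAA};

/* 1 if GOOD_LINE decodes to the expected 8 bytes and consumes all input. */
int good_line_decodes(void)
{
    static const unsigned char expect[8] = {0xAA, 0xAA, 0xAA, 0xAA, 0x01, 0x02, 0x03, 0xFF};
    unsigned char row[8];
    size_t used = 0;
    int n = decode_raster_runs(GOOD_LINE, sizeof GOOD_LINE, 1, row, sizeof row, &used);
    return n == 8 && used == sizeof GOOD_LINE && memcmp(row, expect, 8) == 0;
}

/* 1 if BAD_LINE is rejected and the canary bytes after the row are untouched. */
int bad_line_rejected(void)
{
    unsigned char buf[8 + 16];
    memset(buf, 0x5A, sizeof buf);
    int n = decode_raster_runs(BAD_LINE, sizeof BAD_LINE, 1, buf, 8, NULL);
    for (size_t i = 8; i < sizeof buf; i++)
        if (buf[i] != 0x5A) return 0;
    return n == -1;
}

/* 1 if a line cut off in the middle of a literal run is rejected. */
int truncated_line_rejected(void)
{
    unsigned char row[8];
    return decode_raster_runs(GOOD_LINE, 4, 1, row, sizeof row, NULL) == -1;
}

int main(void)
{
    printf("valid line decodes:      %s\n", good_line_decodes() ? "yes" : "no");
    printf("oversized run rejected:  %s\n", bad_line_rejected() ? "yes" : "no");
    printf("truncated line rejected: %s\n", truncated_line_rejected() ? "yes" : "no");
    return 0;
}
```

The same shape of check applies to any length-prefixed decoder: derive the space left from the buffer bounds, compare the claimed length against it, and only then copy.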