Sikkerhedsoplysninger / 2014 / Sikkerhedsoplysninger -- DSA-2990-1 cups

Debians sikkerhedsbulletin

DSA-2990-1 cups -- sikkerhedsopdatering

Rapporteret den:

27. jul 2014

Berørte pakker:

cups

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031.

Yderligere oplysninger:

It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a rettighedsforøgelse.

I den stabile distribution (wheezy), er disse problemer rettet i version 1.5.3-5+deb7u4.

I den ustabile distribution (sid), er disse problemer rettet i version 1.7.4-2.

Vi anbefaler at du opgraderer dine cups-pakker.