[DLA-0022-1] cups security update

To: debian-lts-announce@lists.debian.org
Subject: [DLA-0022-1] cups security update
From: Didier 'OdyX' Raboud <odyx@debian.org>
Date: Thu, 31 Jul 2014 09:47:54 +0200
Message-id: <[🔎] 2195511.c49hryByjX@gyllingar>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Debian Security Advisory DLA-0022-1
https://wiki.debian.org/LTS
- ---------------------------------------------------------------------
Package        : cups
Version        : 1.4.4-7+squeeze6
CVE ID         : CVE-2014-3537
                 CVE-2014-5029
                 CVE-2014-5030
                 CVE-2014-5031

It was discovered that the web interface in CUPS, the Common UNIX
Printing System, incorrectly validated permissions on rss files and
directory index files. A local attacker could possibly use this issue
to bypass file permissions and read arbitrary files, possibly leading
to a privilege escalation.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: [DLA-0019-1] postgresql-8.4 update
Next by Date: [DLA 26-1] python-scipy security update
Previous by thread: [DLA-0019-1] postgresql-8.4 update
Next by thread: [DLA 26-1] python-scipy security update
Index(es):
- Date
- Thread