2014-04-22
ALT-BU-2014-2726-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2014-01-26
Modified: 2024-11-21
CVE-2013-6891
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
Severity: LOW (1.2)
References:
Published: 2014-04-18
Modified: 2024-11-21
CVE-2014-2856
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.
Severity: MEDIUM (4.3)
References:
- http://advisories.mageia.org/MGASA-2014-0193.html
- RHSA-2014:1388
- 57880
- http://www.cups.org/documentation.php/relnotes.html
- http://www.cups.org/str.php?L4356
- MDVSA-2015:108
- [oss-security] 20140414 CVE request: cross-site scripting issue fixed in CUPS 1.7.2
- [oss-security] 20140415 Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2
- 66788
- USN-2172-1
Closed bugs
Remove support for /lib/udev/devices
Add provides: cups-libs
A slightly fixed version 1.7.1 has been released, please build it