Package cups updated to version 1.7.2-alt1 for branch sisyphus in task 118597.

Published: 2014-01-26
Modified: 2025-04-11

CVE-2013-6891

lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

Severity: LOW (1.2) Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N

References:

Published: 2014-04-18
Modified: 2025-04-12

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

удалите поддержку /lib/udev/devices

Добавить provides: cups-libs

Вышла немного починенная версия 1.7.1 просьба собрать

Version: 2.1.2

Package cups update in sisyphus on 2014-04-21

ALT-PU-2014-1513-1

Closed vulnerabilities

CVE-2013-6891

CVE-2014-2856

Closed bugs

Bug #29445

Bug #29908

Bug #29910