ALT-PU-2014-2057-1
Closed vulnerabilities
Published: 2014-07-23
BDU:2015-01463
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
Severity: MEDIUM (5.0)
References:
Published: 2014-07-23
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3537
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
Severity: LOW (1.2)
References:
- http://advisories.mageia.org/MGASA-2014-0313.html
- http://advisories.mageia.org/MGASA-2014-0313.html
- APPLE-SA-2014-10-16-1
- APPLE-SA-2014-10-16-1
- FEDORA-2014-8351
- FEDORA-2014-8351
- RHSA-2014:1388
- RHSA-2014:1388
- 59945
- 59945
- 60273
- 60273
- 60787
- 60787
- http://www.cups.org/blog.php?L724
- http://www.cups.org/blog.php?L724
- http://www.cups.org/str.php?L4450
- http://www.cups.org/str.php?L4450
- MDVSA-2015:108
- MDVSA-2015:108
- 68788
- 68788
- 1030611
- 1030611
- USN-2293-1
- USN-2293-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1115576
- https://bugzilla.redhat.com/show_bug.cgi?id=1115576
- https://support.apple.com/kb/HT6535
- https://support.apple.com/kb/HT6535
Published: 2014-07-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-5030
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
Severity: LOW (1.9)
References:
- http://advisories.mageia.org/MGASA-2014-0313.html
- http://advisories.mageia.org/MGASA-2014-0313.html
- RHSA-2014:1388
- RHSA-2014:1388
- 60509
- 60509
- 60787
- 60787
- DSA-2990
- DSA-2990
- MDVSA-2015:108
- MDVSA-2015:108
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537
- USN-2341-1
- USN-2341-1
- https://cups.org/str.php?L4455
- https://cups.org/str.php?L4455
Published: 2014-07-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-5031
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
Severity: MEDIUM (5.0)
References:
- http://advisories.mageia.org/MGASA-2014-0313.html
- http://advisories.mageia.org/MGASA-2014-0313.html
- RHSA-2014:1388
- RHSA-2014:1388
- 60509
- 60509
- 60787
- 60787
- DSA-2990
- DSA-2990
- MDVSA-2015:108
- MDVSA-2015:108
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 Re: CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537
- [oss-security] 20140722 CVE Request: cups: Incomplete fix for CVE-2014-3537
- USN-2341-1
- USN-2341-1
- https://cups.org/str.php?L4455
- https://cups.org/str.php?L4455