All errata/sisyphus/ALT-PU-2015-2012-1
ALT-PU-2015-2012-1

Package update cups in branch sisyphus

Version2.1.0-alt1
Task#153313
Published2015-11-18
Max severityCRITICAL
Severity:

Closed issues (4)

BDU:2015-10444
CRITICAL10.0

Уязвимость сервера печати CUPS, позволяющая нарушителю изменить файл конфигурации устройства или выполнить произвольный код

Published: 2016-07-07Modified: 2021-03-23
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2015-10516
MEDIUM4.3

Уязвимость функции cgi_puts сервера печати CUPS, позволяющая нарушителю внедрить произвольный JavaScript- или HTML-код в формируемые страницы веб-интерфейса

Published: 2016-07-07Modified: 2021-03-23
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References
CVE-2015-1158
CRITICAL10.0

The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.

Published: 2015-06-26Modified: 2025-04-12
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2015-1159
MEDIUM4.3

Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

Published: 2015-06-26Modified: 2025-04-12
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
References