Mandriva Linux Security Advisory 2015-100 - Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. Various other issues where also addressed.
7f312cada7ef4fe1709a37c3131bcc60a0c6ae0baefe7518dff2e7a96f7746ca-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:100
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : cups-filters
Date : March 29, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated cups-filters packages fix security vulnerabilities:
Florian Weimer discovered that cups-filters incorrectly handled
memory in the urftopdf filter. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user
(CVE-2013-6473).
Florian Weimer discovered that cups-filters incorrectly handled
memory in the pdftoopvp filter. An attacker could possibly use this
issue to execute arbitrary code with the privileges of the lp user
(CVE-2013-6474, CVE-2013-6475).
Florian Weimer discovered that cups-filters did not restrict driver
directories in in the pdftoopvp filter. An attacker could possibly
use this issue to execute arbitrary code with the privileges of the
lp user (CVE-2013-6476).
Sebastian Krahmer discovered it was possible to use malicious
broadcast packets to execute arbitrary commands on a server running
the cups-browsed daemon (CVE-2014-2707).
In cups-filters before 1.0.53, out-of-bounds accesses in the
process_browse_data function when reading the packet variable
could leading to a crash, thus resulting in a denial of service
(CVE-2014-4337).
In cups-filters before 1.0.53, if there was only a single BrowseAllow
line in cups-browsed.conf and its host specification was invalid, this
was interpreted as if no BrowseAllow line had been specified, which
resulted in it accepting browse packets from all hosts (CVE-2014-4338).
The CVE-2014-2707 issue with malicious broadcast packets, which
had been fixed in Mageia Bug 13216 (MGASA-2014-0181), had not been
completely fixed by that update. A more complete fix was implemented
in cups-filters 1.0.53 (CVE-2014-4336).
Note that only systems that have enabled the affected feature
by using the CreateIPPPrinterQueues configuration directive in
/etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 /
CVE-2014-4336 issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4338
http://advisories.mageia.org/MGASA-2014-0170.html
http://advisories.mageia.org/MGASA-2014-0181.html
http://advisories.mageia.org/MGASA-2014-0267.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
8debeee26ba55f4bb1b93d553da75157 mbs2/x86_64/cups-filters-1.0.53-1.mbs2.x86_64.rpm
37666681642eddb5343e968a58b3d771 mbs2/x86_64/lib64cups-filters1-1.0.53-1.mbs2.x86_64.rpm
d526c4341f34532c8032655f7e334999 mbs2/x86_64/lib64cups-filters-devel-1.0.53-1.mbs2.x86_64.rpm
5ecb3127039ab1eacb519a7b98e1d545 mbs2/SRPMS/cups-filters-1.0.53-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVF3e0mqjQ0CJFipgRAmSxAJ0fLCoHyyU8zzI8WSW36Yi7P1fAMgCfZ3sm
w9BvNovNQW1jwArTVorAJo0=
=0EYE
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed