From URL: ---- We received a report from Google that cupsd can be exploited to perform a privilege escalation using a combination of bugs and the dynamic linker's support for (pre)loading or redirecting which shared libraries are used by the cups-exec helper program. An attacker from remote who is allowed to submit print jobs toa CUPS server can upload a new cupsd.conf file onto that server. ---- The 'one other' being http://www.cups.org/str.php?L4602 (not assigned a CVE): ---- The CUPS server can get stuck in an infinite loop when a user queues a malformed gzip file. When this happens the CUPS server will be unable to service any further requests. (I'm running CUPS using systemd's socket activation, which might perhaps be relevant.) ---- Affects versions: < 2.0.3 http://www.cups.org/str.php?L4609 http://www.cups.org/str.php?L4602 Reproducible: Always
CVE-2015-{1158,1159} - Additional CVE's requested.
CVE-2015-1159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1159): Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. CVE-2015-1158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1158): The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
*cups-2.0.3 (06 Jul 2015) 06 Jul 2015; Matthias Maier <tamiko@gentoo.org> +cups-2.0.3.ebuild, -cups-1.7.5-r2.ebuild, -cups-1.7.5.ebuild, -cups-1.7.9999.ebuild, -cups-2.0.0-r2.ebuild, -cups-2.0.1-r1.ebuild, -cups-2.0.2-r2.ebuild, -cups-2.0.2.ebuild: version bump; cleanup; CVE-2015-{1158,1159}, bug #551846
Arches, please stabilize =net-print/cups-2.0.3 Target keywords: alpha amd64 arm hppa ppc ppc64 sparc x86
I accidentally missed that 2.0.2 is not stable for ia64. 06 Jul 2015; Matthias Maier <tamiko@gentoo.org> +cups-2.0.1-r1.ebuild: ressurect accidentally deleted latest stable version for ia64, bug #551846 Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA PPC64.
amd64 stable
arm stable
Stable on alpha.
ppc stable
sparc stable
ia64 stable
x86 stable
Maintainer(s), Thank you for you for cleanup. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
Cleanup done.
This issue was resolved and addressed in GLSA 201510-07 at https://security.gentoo.org/glsa/201510-07 by GLSA coordinator Kristian Fiskerstrand (K_F).
https://www.freifunk-gera-greiz.de/web/okcupud/home/-/blogs/best-songs-about-sex https://www.freifunk-gera-greiz.de/web/okcupud/home/-/blogs/7-ways-being-a-better-cook-can-make-you-a-better-lover https://www.freifunk-gera-greiz.de/web/okcupud/home/-/blogs/5-kinky-dating-tips https://agreatertown.com/albuquerque_nm/3_ways_to_tell_if_your_dinner_date_is_going_right_000190685592 http://portal.mcleodrussel.com/eu/web/okcupid/
