Summary: | <net-print/cups-2.0.3: multiple vulnerabilities (CVE-2015-{1158,1159}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | printing |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.cups.org/str.php?L4609 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=545740 | ||
Whiteboard: | A1 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Sam James
2015-06-11 23:18:41 UTC
CVE-2015-{1158,1159} - Additional CVEs requested.

CVE-2015-1159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1159): Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/.

CVE-2015-1158 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1158): The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.

*cups-2.0.3 (06 Jul 2015)

06 Jul 2015; Matthias Maier <tamiko@gentoo.org> +cups-2.0.3.ebuild, -cups-1.7.5-r2.ebuild, -cups-1.7.5.ebuild, -cups-1.7.9999.ebuild, -cups-2.0.0-r2.ebuild, -cups-2.0.1-r1.ebuild, -cups-2.0.2-r2.ebuild, -cups-2.0.2.ebuild: version bump; cleanup; CVE-2015-{1158,1159}, bug #551846

Arches, please stabilize =net-print/cups-2.0.3

Target keywords: alpha amd64 arm hppa ppc ppc64 sparc x86

I accidentally missed that 2.0.2 is not stable for ia64.

06 Jul 2015; Matthias Maier <tamiko@gentoo.org> +cups-2.0.1-r1.ebuild: resurrect accidentally deleted latest stable version for ia64, bug #551846

Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA PPC64.

amd64 stable

arm stable

Stable on alpha.

ppc stable

sparc stable

ia64 stable

x86 stable

Maintainer(s), Thank you for cleanup. New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).

Cleanup done.

This issue was resolved and addressed in GLSA 201510-07 at https://security.gentoo.org/glsa/201510-07 by GLSA coordinator Kristian Fiskerstrand (K_F).