From ${URL} :

It was reported [1] that a fix for CVE-2014-3537 [2] is not complete. In some cases privilege escalation is still possible [3]. Upstream patches are available at [3] as well.

[1]: http://seclists.org/oss-sec/2014/q3/209
[2]: http://www.cups.org/str.php?L4450
[3]: https://cups.org/str.php?L4455

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-5029 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5029): The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537.
CVE-2014-5031 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5031): The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2014-5030 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5030): CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
Sorry for the noise, this actually has 3 CVEs assigned to it.

This is fixed in CUPS 1.7.4.
Security: The web interface incorrectly served symlinked files and files that were not world-readable, potentially leading to a disclosure of information (STR #4450)

Maintainer(s): after the bump please let us know when the ebuild is ready for stabilization.
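The two checks named in the changelog entry above (do not serve symlinked files, do not serve files that are not world-readable), shown as an added C example. It is not the CUPS patch from STR #4450; `open_servable` and `demo_servable` are hypothetical names, and the files are constructed in a temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not CUPS code: return an fd for `path` only if it is a
 * regular, world-readable file reached without following a symlink; else -1. */
int open_servable(const char *path)
{
  struct stat st;
  /* O_NOFOLLOW: open() fails if the last path component is a symlink.
   * O_NONBLOCK: do not hang if a FIFO was planted at that name. */
  int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
  if (fd < 0)
    return -1;
  /* Check the descriptor, not the name, so the file that was checked is the
   * file that gets read (no window between a stat() and the open()). */
  if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || !(st.st_mode & S_IROTH)) {
    close(fd);
    return -1;
  }
  return fd;
}

/* Constructed fixture: bit i of the result is set if file i was accepted. */
int demo_servable(void)
{
  char dir[] = "/tmp/servable-XXXXXX", p[3][64];
  const char *name[3] = { "index.html", "secret.html", "index.php" };
  int i, fd, mask;

  if (!mkdtemp(dir)) return -1;
  for (i = 0; i < 3; i++)
    snprintf(p[i], sizeof(p[i]), "%s/%s", dir, name[i]);
  close(open(p[0], O_CREAT | O_WRONLY, 0600)); chmod(p[0], 0644); /* public */
  close(open(p[1], O_CREAT | O_WRONLY, 0600)); chmod(p[1], 0640); /* not world-readable */
  mask = symlink(p[0], p[2]) == 0 ? 0 : -1;  /* symlink to the public file */
  for (i = 0; i < 3 && mask >= 0; i++)
    if ((fd = open_servable(p[i])) >= 0) {
      mask |= 1 << i;
      close(fd);
    }
  for (i = 0; i < 3; i++) unlink(p[i]);
  rmdir(dir);
  return mask;
}

int main(void) { return demo_servable() == 1 ? 0 : 1; }
```

Only the plain world-readable file is accepted; the symlink is refused even though its target is public, because the decision is made on the name's last component and on the opened descriptor.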
(In reply to Yury German from comment #3)
> Sorry for the noise, this actually has 3 CVEs assigned to it.
>
> This is fixed in CUPS 1.7.4.
> Security: The web interface incorrectly served symlinked files and files
> that were not world-readable, potentially leading to a disclosure of
> information (STR #4450)
>
> Maintainer(s): after the bump please let us know when the ebuild is ready
> for stabilization.

Let's go for cups-1.7.5 (another bug squashed there) instead, see bug 519792
The lowest available version (and also currently stable version) in the tree is now 1.7.5.
All affected ebuilds are long gone from the tree. Printing out.
GLSA vote: no.
GLSA Vote: No