Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 501198 (CVE-2013-6891) - <net-print/cups-1.7.1: Symlink attack (CVE-2013-6891)
Summary: <net-print/cups-1.7.1: Symlink attack (CVE-2013-6891)
Status: RESOLVED FIXED
Alias: CVE-2013-6891
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on: 437654
Blocks:
  Show dependency tree
 
Reported: 2014-02-13 15:24 UTC by GLSAMaker/CVETool Bot
Modified: 2014-03-27 11:26 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2014-02-13 15:24:40 UTC 
CVE-2013-6891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6891):
  lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows
  local users to read portions of arbitrary files via a modified HOME
  environment variable and a symlink attack involving .cups/client.conf.


@maintainers: Please CC arches when ready to stable.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2014-02-13 15:46:37 UTC 
Please stabilize net-print/cups-1.7.1

Target: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2014-02-13 15:52:50 UTC 
Note that this needs to go togehter with / depends on bug 437654, since cups-1.7.1 depends on cups-filters-1.0.43
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2014-02-13 16:04:47 UTC 
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2014-02-16 07:08:42 UTC 
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-02-16 07:08:56 UTC 
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2014-02-16 12:08:40 UTC 
ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-02-20 14:23:31 UTC 
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2014-02-22 07:31:25 UTC 
arm stable
Comment 9 Agostino Sarubbo gentoo-dev 2014-02-22 07:36:02 UTC 
alpha stable
Comment 10 Agostino Sarubbo gentoo-dev 2014-02-22 07:38:51 UTC 
ppc64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2014-02-22 07:41:03 UTC 
sparc stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 12 Sergey Popov gentoo-dev 2014-02-24 21:46:45 UTC 
Thanks for your work

GLSA vote: no
Comment 13 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2014-03-27 11:26:05 UTC 
GLSA vote: no.

Closing as [noglsa].