-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:100 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : cups-filters Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated cups-filters packages fix security vulnerabilities: Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6473). Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6474, CVE-2013-6475). Florian Weimer discovered that cups-filters did not restrict driver directories in in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6476). Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups-browsed daemon (CVE-2014-2707). In cups-filters before 1.0.53, out-of-bounds accesses in the process_browse_data function when reading the packet variable could leading to a crash, thus resulting in a denial of service (CVE-2014-4337). In cups-filters before 1.0.53, if there was only a single BrowseAllow line in cups-browsed.conf and its host specification was invalid, this was interpreted as if no BrowseAllow line had been specified, which resulted in it accepting browse packets from all hosts (CVE-2014-4338). The CVE-2014-2707 issue with malicious broadcast packets, which had been fixed in Mageia Bug 13216 (MGASA-2014-0181), had not been completely fixed by that update. A more complete fix was implemented in cups-filters 1.0.53 (CVE-2014-4336). Note that only systems that have enabled the affected feature by using the CreateIPPPrinterQueues configuration directive in /etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 / CVE-2014-4336 issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2707 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4338 http://advisories.mageia.org/MGASA-2014-0170.html http://advisories.mageia.org/MGASA-2014-0181.html http://advisories.mageia.org/MGASA-2014-0267.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: 8debeee26ba55f4bb1b93d553da75157 mbs2/x86_64/cups-filters-1.0.53-1.mbs2.x86_64.rpm 37666681642eddb5343e968a58b3d771 mbs2/x86_64/lib64cups-filters1-1.0.53-1.mbs2.x86_64.rpm d526c4341f34532c8032655f7e334999 mbs2/x86_64/lib64cups-filters-devel-1.0.53-1.mbs2.x86_64.rpm 5ecb3127039ab1eacb519a7b98e1d545 mbs2/SRPMS/cups-filters-1.0.53-1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF3e0mqjQ0CJFipgRAmSxAJ0fLCoHyyU8zzI8WSW36Yi7P1fAMgCfZ3sm w9BvNovNQW1jwArTVorAJo0= =0EYE -----END PGP SIGNATURE-----
