Test ID:	1.3.6.1.4.1.25623.1.0.120032
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2015-559)
Summary:	The remote host is missing an update for the 'cups' package(s) announced via the ALAS-2015-559 advisory.
Description:	Summary: The remote host is missing an update for the 'cups' package(s) announced via the ALAS-2015-559 advisory. Vulnerability Insight: A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158) A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. (CVE-2015-1159) An integer overflow leading to a heap-based buffer overflow was found in the way cups handled compressed raster image files. An attacker could create a specially-crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash. (CVE-2014-9679) Affected Software/OS: 'cups' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-9679 BugTraq ID: 72594 http://www.securityfocus.com/bid/72594 Debian Security Information: DSA-3172 (Google Search) http://www.debian.org/security/2015/dsa-3172 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150177.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150171.html https://security.gentoo.org/glsa/201607-06 http://www.mandriva.com/security/advisories?name=MDVSA-2015:049 http://www.mandriva.com/security/advisories?name=MDVSA-2015:108 http://www.openwall.com/lists/oss-security/2015/02/10/15 http://www.openwall.com/lists/oss-security/2015/02/12/12 RedHat Security Advisories: RHSA-2015:1123 http://rhn.redhat.com/errata/RHSA-2015-1123.html http://www.securitytracker.com/id/1031776 SuSE Security Announcement: openSUSE-SU-2015:0381 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00098.html http://www.ubuntu.com/usn/USN-2520-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1158 BugTraq ID: 75098 http://www.securityfocus.com/bid/75098 CERT/CC vulnerability note: VU#810572 http://www.kb.cert.org/vuls/id/810572 Debian Security Information: DSA-3283 (Google Search) http://www.debian.org/security/2015/dsa-3283 https://www.exploit-db.com/exploits/37336/ https://www.exploit-db.com/exploits/41233/ https://security.gentoo.org/glsa/201510-07 http://googleprojectzero.blogspot.in/2015/06/owning-internet-printing-case-study-in.html https://code.google.com/p/google-security-research/issues/detail?id=455 https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py http://www.securitytracker.com/id/1032556 SuSE Security Announcement: SUSE-SU-2015:1041 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00003.html SuSE Security Announcement: SUSE-SU-2015:1044 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00006.html SuSE Security Announcement: openSUSE-SU-2015:1056 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00010.html http://www.ubuntu.com/usn/USN-2629-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1159 BugTraq ID: 75106 http://www.securityfocus.com/bid/75106
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.