|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for cups RHSA-2014:1388-02|
|Summary:||The remote host is missing an update for the 'cups'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'cups'
package(s) announced via the referenced advisory.
CUPS provides a portable printing layer for Linux, UNIX, and similar
A cross-site scripting (XSS) flaw was found in the CUPS web interface.
An attacker could use this flaw to perform a cross-site scripting attack
against users of the CUPS web interface. (CVE-2014-2856)
It was discovered that CUPS allowed certain users to create symbolic links
in certain directories under /var/cache/cups/. A local user with the 'lp'
group privileges could use this flaw to read the contents of arbitrary
files on the system or, potentially, escalate their privileges on the
system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)
The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat
These updated cups packages also include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the
References section, for information on the most significant of these
All cups users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.
cups on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2014-2856|
BugTraq ID: 66788
RedHat Security Advisories: RHSA-2014:1388
Common Vulnerability Exposure (CVE) ID: CVE-2014-3537
BugTraq ID: 68788
Common Vulnerability Exposure (CVE) ID: CVE-2014-5029
Debian Security Information: DSA-2990 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2014-5030
Common Vulnerability Exposure (CVE) ID: CVE-2014-5031
|Copyright||Copyright (C) 2014 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.