OracleVM 3.3 : cups (OVMSA-2014-0035)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing the patches needed to address
the following critical security updates :

- Revert change to whitelist /rss/ resources, as this was
not used upstream.

- More STR #4461 fixes from upstream: make rss feeds
world-readable, but cachedir private.

- Fix icon display in web interface during server restart
(STR #4475).

- Fixes for upstream patch for STR #4461: allow /rss/
requests for files we created.

- Use upstream patch for STR #4461.

- Applied upstream patch to fix CVE-2014-5029 (bug
#1122600), CVE-2014-5030 (bug #1128764), CVE-2014-5031
(bug #1128767).

- Fix conf/log file reading for authenticated users (STR
#4461).

- Fix CGI handling (STR #4454, bug #1120419).

- Fix patch for CVE-2014-3537 (bug #1117794)

- CVE-2014-2856: cross-site scripting flaw (bug #1117798)

- CVE-2014-3537: insufficient checking leads to privilege
escalation (bug #1117794)

- Removed package description changes.

- Applied patch to fix 'Bad request' errors as a result of
adding in httpSetTimeout (STR #4440, also part of svn
revision 9967).

- Fixed timeout issue with cupsd reading when there is no
data ready (bug #1110045).

- Fixed synconclose patch to avoid 'too many arguments for
format' warning.

- Fixed settimeout patch to include math.h for fmod
declaration.

- Fixed typo preventing web interface from changing driver
(bug #1104483, STR #3601).

- Fixed SyncOnClose patch (bug #984883).

- Use upstream patch to avoid replaying GSS credentials
(bug #1040293).

- Prevent BrowsePoll problems across suspend/resume (bug
#769292) :

- Eliminate indefinite wait for response (svn revision
9688).

- Backported httpSetTimeout API function from CUPS 1.5 and
use it in the ipp backend so that we wait indefinitely
until the printer responds, we get a hard error, or the
job is cancelled.

- cups-polld: reconnect on error.

- Added new SyncOnClose directive to use fsync after
altering configuration files: defaults to 'Yes'. Adjust
in cupsd.conf (bug #984883).

- Fix cupsctl man page typo (bug #1011076).

- Use more portable rpm specfile syntax for conditional
php building (bug #988598).

- Fix SetEnv directive in cupsd.conf (bug #986495).

- Fix 'collection' attribute sending (bug #978387).

- Prevent format_log segfault (bug #971079).

- Prevent stringpool corruption (bug #884851).

- Don't crash when job queued for printer that times out
(bug #855431).

- Upstream patch for broken multipart handling (bug
#852846).

- Install /etc/cron.daily/cups with correct permissions
(bug #1012482).

- Fixes for jobs with multiple files and multiple formats
(bug #972242).

- Applied patch to fix CVE-2012-5519 (privilege escalation
for users in SystemGroup or with equivalent polkit
permission). This prevents HTTP PUT requests with paths
under /admin/conf/ other than that for cupsd.conf, and
also prevents such requests altering certain
configuration directives such as PageLog and FileDevice
(bug #875898).

See also :

http://www.nessus.org/u?5c27127c

Solution :

Update the affected cups / cups-libs packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79550

Bugtraq ID: 56494, 66788, 68788, 68842, 68846, 68847

CVE ID: CVE-2012-5519, CVE-2014-2856, CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031
