Mandriva Linux Security Advisory : cups-filters (MDVSA-2015:100)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated cups-filters packages fix security vulnerabilities :

Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user
(CVE-2013-6473).

Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user
(CVE-2013-6474, CVE-2013-6475).

Florian Weimer discovered that cups-filters did not restrict driver
directories in the pdftoopvp filter. An attacker could possibly use
this issue to execute arbitrary code with the privileges of the lp
user (CVE-2013-6476).

Sebastian Krahmer discovered it was possible to use malicious
broadcast packets to execute arbitrary commands on a server running
the cups-browsed daemon (CVE-2014-2707).

In cups-filters before 1.0.53, out-of-bounds accesses in the
process_browse_data function when reading the packet variable could
lead to a crash, resulting in a denial of service
(CVE-2014-4337).

In cups-filters before 1.0.53, if there was only a single BrowseAllow
line in cups-browsed.conf and its host specification was invalid, this
was interpreted as if no BrowseAllow line had been specified, which
resulted in it accepting browse packets from all hosts
(CVE-2014-4338).

The fix for the CVE-2014-2707 issue with malicious broadcast packets,
shipped for Mageia Bug 13216 (MGASA-2014-0181), was incomplete. A more
complete fix was implemented in cups-filters 1.0.53 (CVE-2014-4336).

Note that only systems that have enabled the affected feature by using
the CreateIPPPrinterQueues configuration directive in
/etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 /
CVE-2014-4336 issue.
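
A configuration audit for the two conditions described above (a sole,
invalid BrowseAllow line and an enabled CreateIPPPrinterQueues
directive). This is an added example, not part of the advisory or the
cups-filters code. The host-specification grammar, the set of
"disabled" values and the sample file are assumptions made for
illustration.

```python
import ipaddress

# Constructed sample config (not from the advisory): a single BrowseAllow
# line with an invalid host specification, and the affected feature enabled.
SAMPLE_CONF = """\
# cups-browsed.conf (constructed sample)
BrowseRemoteProtocols dnssd cups
BrowseAllow 192.168.1.300/24
CreateIPPPrinterQueues Yes
"""

def valid_host_spec(spec):
    """Assumed grammar: 'all', a single IP address, or network/mask."""
    if spec.lower() == "all":
        return True
    try:
        ipaddress.ip_network(spec, strict=False)
        return True
    except ValueError:
        return False

def audit(conf_text):
    """Return findings for the two conditions the advisory describes."""
    allow, create_queues = [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "browseallow":
            allow.append(value)
        elif key == "createippprinterqueues":
            # Assumption: any value other than these counts as enabled.
            create_queues = value.lower() not in ("no", "off", "false", "0")
    findings = []
    bad = [s for s in allow if not valid_host_spec(s)]
    if len(allow) == 1 and bad:
        # Before 1.0.53 this was treated as "no BrowseAllow line at all".
        findings.append("CVE-2014-4338 condition: sole BrowseAllow '%s' is invalid" % bad[0])
    elif bad:
        findings.append("invalid BrowseAllow entries: %s" % ", ".join(bad))
    if create_queues:
        findings.append("CreateIPPPrinterQueues enabled: CVE-2014-2707/CVE-2014-4336 feature in use")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A finding here only describes the configuration; whether the host is
affected still depends on the installed cups-filters version.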

See also :

http://advisories.mageia.org/MGASA-2014-0170.html
http://advisories.mageia.org/MGASA-2014-0181.html
http://advisories.mageia.org/MGASA-2014-0267.html

Solution :

Update the affected cups-filters, lib64cups-filters-devel and / or
lib64cups-filters1 packages.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82353

Bugtraq ID:

CVE ID: CVE-2013-6473
CVE-2013-6474
CVE-2013-6475
CVE-2013-6476
CVE-2014-2707
CVE-2014-4336
CVE-2014-4337
CVE-2014-4338
