Scientific Linux Security Update : cups-filters on SL7.x x86_64
Medium Nessus Plugin ID 78855
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionAn out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups- browsed, would crash the cups-browsed daemon. (CVE-2014-4337)
A flaw was found in the way the cups-browsed daemon interpreted the 'BrowseAllow' directive in the cups-browsed.conf file. An attacker able to add a malformed 'BrowseAllow' directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions. (CVE-2014-4338)
After installing this update, the cups-browsed daemon will be restarted automatically.
SolutionUpdate the affected packages.