Mandriva Linux Security Advisory : cups-filters (MDVSA-2015:100)

High Nessus Plugin ID 82353

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated cups-filters packages fix security vulnerabilities :

Florian Weimer discovered that cups-filters incorrectly handled memory in the urftopdf filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6473).

Florian Weimer discovered that cups-filters incorrectly handled memory in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6474, CVE-2013-6475).

Florian Weimer discovered that cups-filters did not restrict driver directories in in the pdftoopvp filter. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user (CVE-2013-6476).

Sebastian Krahmer discovered it was possible to use malicious broadcast packets to execute arbitrary commands on a server running the cups-browsed daemon (CVE-2014-2707).

In cups-filters before 1.0.53, out-of-bounds accesses in the process_browse_data function when reading the packet variable could leading to a crash, thus resulting in a denial of service (CVE-2014-4337).

In cups-filters before 1.0.53, if there was only a single BrowseAllow line in cups-browsed.conf and its host specification was invalid, this was interpreted as if no BrowseAllow line had been specified, which resulted in it accepting browse packets from all hosts (CVE-2014-4338).

The CVE-2014-2707 issue with malicious broadcast packets, which had been fixed in Mageia Bug 13216 (MGASA-2014-0181), had not been completely fixed by that update. A more complete fix was implemented in cups-filters 1.0.53 (CVE-2014-4336).

Note that only systems that have enabled the affected feature by using the CreateIPPPrinterQueues configuration directive in /etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 / CVE-2014-4336 issue.

Solution

Update the affected cups-filters, lib64cups-filters-devel and / or lib64cups-filters1 packages.

See Also

http://advisories.mageia.org/MGASA-2014-0170.html

http://advisories.mageia.org/MGASA-2014-0181.html

http://advisories.mageia.org/MGASA-2014-0267.html

Plugin Details

Severity: High

ID: 82353

File Name: mandriva_MDVSA-2015-100.nasl

Version: 1.4

Type: local

Published: 2015/03/30

Updated: 2021/01/14

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 8.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:cups-filters, p-cpe:/a:mandriva:linux:lib64cups-filters-devel, p-cpe:/a:mandriva:linux:lib64cups-filters1, cpe:/o:mandriva:business_server:2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2015/03/29

Reference Information

CVE: CVE-2013-6473, CVE-2013-6474, CVE-2013-6475, CVE-2013-6476, CVE-2014-2707, CVE-2014-4336, CVE-2014-4337, CVE-2014-4338

MDVSA: 2015:100