Ubuntu Update For Cups USN-2144-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package incorrectly handled memory. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. (CVE-2013-6474, CVE-2013-6475) Florian Weimer discovered that the pdftoopvp filter bundled in the CUPS package did not restrict driver directories. An attacker could possibly use this issue to execute arbitrary code with the privileges of the lp user. (CVE-2013-6476)

Affected

cups on Ubuntu 10.04 LTS

References

https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-March/002438.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6474, CVE-2013-6475, CVE-2013-6476
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for cups, cupsys vulnerabilities USN-906-1
Ubuntu Update for cmake vulnerabilities USN-890-6
Ubuntu Update for apache2 vulnerability USN-990-2
Ubuntu Update for apr USN-1134-1
Ubuntu Update for apt USN-1762-1

Ubuntu Update for cups USN-2144-1

Take action and discover your vulnerabilities