USN-2341-1: CUPS vulnerabilities

8 September 2014

CUPS could be made to expose sensitive information, leading to privilege escalation.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • cups - Common UNIX Printing System(tm)

Details

Salvatore Bonaccorso discovered that the CUPS web interface incorrectly
validated permissions and incorrectly handled symlinks. An attacker could
possibly use this issue to bypass file permissions and read arbitrary
files, possibly leading to a privilege escalation.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.