
RHSA-2014:1795 -- cups-filters security update (Moderate)

oval:org.mitre.oval:def:28375

The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently.

An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337)

A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions. (CVE-2014-4338)

All cups-filters users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cups-browsed daemon will be restarted automatically.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 7
  • Red Hat Enterprise Linux 7
Class:
patch
Reference(s):
  • RHSA-2014:1795
  • CESA-2014:1795
  • CVE-2014-4337
  • CVE-2014-4338
Product(s):
  • cups-filters