USN-2210-1: cups-filters vulnerability

8 May 2014

cups-filters vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in cups-filters.

Software Description

  • cups-filters - OpenPrinting CUPS Filters

Details

Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands. (CVE-2014-2707)

Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow directives. This could cause it to accept browse packets from all hosts, contrary to intended configuration.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS
cups-browsed - 1.0.52-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References