[SECURITY] [DLA 239-1] cups security update

2015-06-0910:27:06

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.918

Percentile

99.0%

JSON

Package : cups
Version : 1.4.4-7+squeeze8
CVE ID : CVE-2015-1158 CVE-2015-1159

Two critical vulnerabilities have been found in the CUPS printing
system:

CVE-2015-1158 - Improper Update of Reference Count
Cupsd uses reference-counted strings with global scope. When parsing
a print job request, cupsd over-decrements the reference count for a
string from the request. As a result, an attacker can prematurely
free an arbitrary string of global scope. They can use this to
dismantle ACL’s protecting privileged operations, and upload a
replacement configuration file, and subsequently run arbitrary code
on a target machine.

This bug is exploitable in default configurations, and does not
require any special permissions other than the basic ability to
print.

CVE-2015-1159 - Cross-Site Scripting
A cross-site scripting bug in the CUPS templating engine allows the
above bug to be exploited when a user browses the web. This XSS is
reachable in the default configuration for Linux instances of CUPS,
and allows an attacker to bypass default configuration settings that
bind the CUPS scheduler to the ‘localhost’ or loopback interface.

OSVersionArchitecturePackageVersionFilename
Debian7powerpclibcupsimage2< 1.5.3-5+deb7u6libcupsimage2_1.5.3-5+deb7u6_powerpc.deb
Debian8kfreebsd-amd64libcupsimage2-dev< 1.7.5-11+deb8u1libcupsimage2-dev_1.7.5-11+deb8u1_kfreebsd-amd64.deb
Debian6i386libcupscgi1< 1.4.4-7+squeeze8libcupscgi1_1.4.4-7+squeeze8_i386.deb
Debian7sparccups-ppdc< 1.5.3-5+deb7u6cups-ppdc_1.5.3-5+deb7u6_sparc.deb
Debian6amd64cups-dbg< 1.4.4-7+squeeze8cups-dbg_1.4.4-7+squeeze8_amd64.deb
Debian7kfreebsd-amd64cups< 1.5.3-5+deb7u6cups_1.5.3-5+deb7u6_kfreebsd-amd64.deb
Debian8powerpclibcupscgi1-dev< 1.7.5-11+deb8u1libcupscgi1-dev_1.7.5-11+deb8u1_powerpc.deb
Debian7armelcups-bsd< 1.5.3-5+deb7u6cups-bsd_1.5.3-5+deb7u6_armel.deb
Debian7amd64libcups2< 1.5.3-5+deb7u6libcups2_1.5.3-5+deb7u6_amd64.deb
Debian8ppc64elcups< 1.7.5-11+deb8u1cups_1.7.5-11+deb8u1_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	powerpc	libcupsimage2	< 1.5.3-5+deb7u6	libcupsimage2_1.5.3-5+deb7u6_powerpc.deb
Debian	8	kfreebsd-amd64	libcupsimage2-dev	< 1.7.5-11+deb8u1	libcupsimage2-dev_1.7.5-11+deb8u1_kfreebsd-amd64.deb
Debian	6	i386	libcupscgi1	< 1.4.4-7+squeeze8	libcupscgi1_1.4.4-7+squeeze8_i386.deb
Debian	7	sparc	cups-ppdc	< 1.5.3-5+deb7u6	cups-ppdc_1.5.3-5+deb7u6_sparc.deb
Debian	6	amd64	cups-dbg	< 1.4.4-7+squeeze8	cups-dbg_1.4.4-7+squeeze8_amd64.deb
Debian	7	kfreebsd-amd64	cups	< 1.5.3-5+deb7u6	cups_1.5.3-5+deb7u6_kfreebsd-amd64.deb
Debian	8	powerpc	libcupscgi1-dev	< 1.7.5-11+deb8u1	libcupscgi1-dev_1.7.5-11+deb8u1_powerpc.deb
Debian	7	armel	cups-bsd	< 1.5.3-5+deb7u6	cups-bsd_1.5.3-5+deb7u6_armel.deb
Debian	7	amd64	libcups2	< 1.5.3-5+deb7u6	libcups2_1.5.3-5+deb7u6_amd64.deb
Debian	8	ppc64el	cups	< 1.7.5-11+deb8u1	cups_1.7.5-11+deb8u1_ppc64el.deb