CUPS is vulnerable to information disclosure. The web interface allows local users in the lp group to read arbitrary files through symlinks. The issue results from an incomplete fix for CVE-2014-3537.
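The defensive pattern for this class of bug, where a privileged service reads files from a directory that less-privileged users can write to, is shown below as an added example; it is not CUPS code and not the vendor patch. The names `open_regular_nofollow`, `demo`, `feed.txt`, `link.txt` and the scratch directory are assumptions constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `name` inside dirfd read-only, refusing symlinks, non-regular files
 * and names containing '/'. Returns a descriptor, or -1 on refusal/error. */
int open_regular_nofollow(int dirfd, const char *name)
{
    struct stat st;
    int fd;
    if (strchr(name, '/') != NULL)
        return -1;
    /* O_NOFOLLOW: fail (ELOOP on Linux) if the last component is a symlink. */
    fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() checks the object actually opened, so nothing can be swapped
     * in between check and use as it can with lstat() followed by open(). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo; returns 0 if the file opens and the symlink gets ELOOP. */
int demo(void)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    int dirfd, made, good, bad, bad_errno;
    if (!mkdtemp(dir) || (dirfd = open(dir, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    close(openat(dirfd, "feed.txt", O_WRONLY | O_CREAT | O_EXCL, 0600));
    made = symlinkat("/etc/passwd", dirfd, "link.txt");
    good = open_regular_nofollow(dirfd, "feed.txt");
    bad = open_regular_nofollow(dirfd, "link.txt");
    bad_errno = errno;
    if (good >= 0)
        close(good);
    unlinkat(dirfd, "feed.txt", 0);
    unlinkat(dirfd, "link.txt", 0);
    close(dirfd);
    rmdir(dir);
    return (made == 0 && good >= 0 && bad < 0 && bad_errno == ELOOP) ? 0 : 1;
}
```

Checking the descriptor with `fstat()` after an `O_NOFOLLOW` open, rather than checking the path with `lstat()` first, is what closes the race that makes path-based symlink checks easy to get wrong.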
advisories.mageia.org/MGASA-2014-0313.html
rhn.redhat.com/errata/RHSA-2014-1388.html
secunia.com/advisories/60509
secunia.com/advisories/60787
www.debian.org/security/2014/dsa-2990
www.mandriva.com/security/advisories?name=MDVSA-2015:108
www.openwall.com/lists/oss-security/2014/07/22/13
www.openwall.com/lists/oss-security/2014/07/22/2
www.ubuntu.com/usn/USN-2341-1
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/cups.html#RHSA-2014-1388
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1012482
bugzilla.redhat.com/show_bug.cgi?id=978387
cups.org/str.php?L4455