Advisories ยป MGASA-2014-0193

Updated cups packages fix CVE-2014-2856

Publication date: 24 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2856

Description

Updated cups packages fix security vulnerability:

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix
Printing System (CUPS) before 1.7.2 allows remote attackers to inject
arbitrary web script or HTML via the URL path, related to the is_path_absolute
function (CVE-2014-2856).
                

References

SRPMS

3/core

4/core