Advisories » MGASA-2014-0170

Updated cups-filters packages fix security vulnerabilities

Publication date: 15 Apr 2014
Modification date: 25 Mar 2026
Type: security
Affected Mageia releases : 4
CVE: CVE-2013-6473 , CVE-2013-6474 , CVE-2013-6475 , CVE-2013-6476

Description

Updated cups-filters packages fix security vulnerabilities:

Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user (CVE-2013-6473).

Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user (CVE-2013-6474,
CVE-2013-6475).

Florian Weimer discovered that cups-filters did not restrict driver
directories in the pdftoopvp filter. An attacker could possibly use
this issue to execute arbitrary code with the privileges of the lp user
(CVE-2013-6476).
                

References

• http://www.ubuntu.com/usn/usn-2143-1/
• https://bugs.mageia.org/show_bug.cgi?id=13002
• https://www.cve.org/CVERecord?id=CVE-2013-6473
• https://www.cve.org/CVERecord?id=CVE-2013-6474
• https://www.cve.org/CVERecord?id=CVE-2013-6475
• https://www.cve.org/CVERecord?id=CVE-2013-6476

SRPMS

4/core

• cups-filters-1.0.41-3.2.mga4