Updated cups-filters packages fix security vulnerabilities
Publication date: 15 Apr 2014Modification date: 15 Apr 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2013-6473 , CVE-2013-6474 , CVE-2013-6475 , CVE-2013-6476
Description
Updated cups-filters packages fix security vulnerabilities:
Florian Weimer discovered that cups-filters incorrectly handled memory
in the urftopdf filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user (CVE-2013-6473).
Florian Weimer discovered that cups-filters incorrectly handled memory
in the pdftoopvp filter. An attacker could possibly use this issue to
execute arbitrary code with the privileges of the lp user (CVE-2013-6474,
CVE-2013-6475).
Florian Weimer discovered that cups-filters did not restrict driver
directories in in the pdftoopvp filter. An attacker could possibly use
this issue to execute arbitrary code with the privileges of the lp user
(CVE-2013-6476).
References
- http://www.ubuntu.com/usn/usn-2143-1/
- https://bugs.mageia.org/show_bug.cgi?id=13002
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6473
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6475
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6476
SRPMS
4/core
- cups-filters-1.0.41-3.2.mga4