Updated cups packages fix CVE-2014-2856
Publication date: 24 Apr 2014Modification date: 24 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-2856
Description
Updated cups packages fix security vulnerability:
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix
Printing System (CUPS) before 1.7.2 allows remote attackers to inject
arbitrary web script or HTML via the URL path, related to the is_path_absolute
function (CVE-2014-2856).
References
SRPMS
3/core
- cups-1.5.4-9.2.mga3
4/core
- cups-1.7.0-7.1.mga4