USN-2210-1: cups-filters vulnerability

Ubuntu Security Notice USN-2210-1

8th May, 2014

cups-filters vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in cups-filters.

Software description

  • cups-filters - OpenPrinting CUPS Filters

Details

Sebastian Krahmer discovered that cups-browsed incorrectly filtered remote
printer names and strings. A remote attacker could use this issue to
possibly execute arbitrary commands. (CVE-2014-2707)

Johannes Meixner discovered that cups-browsed ignored invalid BrowseAllow
directives. This could cause it to accept browse packets from all hosts,
contrary to intended configuration.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 14.04 LTS:
cups-browsed 1.0.52-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-2707