CVE-2014-5031
Published: 29 July 2014
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
Notes
Author | Note |
---|---|
mdeslaur | The patch below introduces a regression preventing the web interface from being able to read log files. (See comments in bug 4455.) |
Priority
Status
Package | Release | Status |
---|---|---|
cups Launchpad, Ubuntu, Debian |
upstream |
Released
(1.7.4-5)
|
lucid |
Released
(1.4.3-1ubuntu1.13)
|
|
precise |
Released
(1.5.3-0ubuntu8.5)
|
|
trusty |
Does not exist
(trusty was released [1.7.2-0ubuntu1.2])
|
|
Patches: upstream: https://cups.org/strfiles.php/3371/str4455-1.7.patch |