PublicDateAtUSN: 2013-12-31
Candidate: CVE-2013-6891
PublicDate: 2014-01-26 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891
 https://ubuntu.com/security/notices/USN-2082-1
Description:
 lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows
 local users to read portions of arbitrary files via a modified HOME
 environment variable and a symlink attack involving .cups/client.conf.
Ubuntu-Description:
Notes:
Bugs:
 https://www.cups.org/str.php?L4319
Priority: medium
Discovered-by: Jann Horn
Assigned-to: mdeslaur
CVSS: 

Patches_cups:
upstream_cups: released (1.7.1-1)
lucid_cups: not-affected (code not present)
precise_cups: not-affected (code not present)
quantal_cups: released (1.6.1-0ubuntu11.5)
raring_cups: released (1.6.2-1ubuntu8)
saucy_cups: released (1.7.0~rc1-0ubuntu5.2)
devel_cups: not-affected (1.7.1-1)