CVE-2014-3537 (retired)

Priority
Description
The web interface in CUPS before 1.7.4 allows local users in the lp group
to read arbitrary files via a symlink attack on a file in
/var/cache/cups/rss/.
Assigned-to
mdeslaur
Notes
jdstrandper upstream, requires web interface to be enabled
mdeslaurpatch in 1.7.4 is slightly different than the one in the bug
Package
Source: cups (LP Ubuntu Debian)
Upstream:released (1.7.4-1)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (1.7.4-1)
Patches:
Upstream:https://www.cups.org/strfiles.php/3363/str4450.patch
More Information

Updated: 2019-10-09 07:50:25 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)