MGASA-2014-0267

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0267.html

Import Source

https://advisories.mageia.org/MGASA-2014-0267.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0267

Related

Published

2014-06-19T20:26:53Z

Modified

2014-06-19T20:26:44Z

Summary

Updated cups-filter packages fix security vulnerabilities

Details

In cups-filters before 1.0.53, out-of-bounds accesses in the processbrowsedata function when reading the packet variable could leading to a crash, thus resulting in a denial of service (CVE-2014-4337).

In cups-filters before 1.0.53, if there was only a single BrowseAllow line in cups-browsed.conf and its host specification was invalid, this was interpreted as if no BrowseAllow line had been specified, which resulted in it accepting browse packets from all hosts (CVE-2014-4338).

The CVE-2014-2707 issue with malicious broadcast packets, which had been fixed in Mageia Bug 13216 (MGASA-2014-0181), had not been completely fixed by that update. A more complete fix was implemented in cups-filters 1.0.53 (CVE-2014-4336).

Note that only systems that have enabled the affected feature by using the CreateIPPPrinterQueues configuration directive in /etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 / CVE-2014-4336 issue.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / cups-filters

Package

Name: cups-filters
Purl: pkg:rpm/mageia/cups-filters?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.53-1.mga4

Ecosystem specific

{
    "section": "core"
}