var-201502-0428
Vulnerability from variot

Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. CUPS cupsRasterReadPixels is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services.

=====================================================================
Red Hat Security Advisory

Synopsis: Important: cups security update
Advisory ID: RHSA-2015:1123-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1123.html
Issue date: 2015-06-17
CVE Names: CVE-2014-9679 CVE-2015-1158 CVE-2015-1159
=====================================================================

  1. Summary:

Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

  2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  3. Description:

CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems.

A string reference count bug was found in cupsd, causing premature freeing of string objects. An attacker can submit a malicious print job that exploits this flaw to dismantle ACLs protecting privileged operations, allowing a replacement configuration file to be uploaded which in turn allows the attacker to run arbitrary code in the CUPS server (CVE-2015-1158)

A cross-site scripting flaw was found in the cups web templating engine. An attacker could use this flaw to bypass the default configuration settings that bind the CUPS scheduler to the 'localhost' or loopback interface. An attacker could create a specially-crafted image file, which when passed via the cups Raster filter, could cause the cups filter to crash. (CVE-2014-9679)

Red Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and CVE-2015-1159 issues.

All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.

  4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

  5. Bugs fixed (https://bugzilla.redhat.com/):

1191588 - CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow
1221641 - CVE-2015-1158 cups: incorrect string reference counting (VU#810572)
1221642 - CVE-2015-1159 cups: cross-site scripting flaw in CUPS web UI (VU#810572)

  6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: cups-1.4.2-67.el6_6.1.src.rpm

i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm

x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm

x86_64: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: cups-1.4.2-67.el6_6.1.src.rpm

x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: cups-1.4.2-67.el6_6.1.src.rpm

i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm

ppc64: cups-1.4.2-67.el6_6.1.ppc64.rpm cups-debuginfo-1.4.2-67.el6_6.1.ppc.rpm cups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm cups-devel-1.4.2-67.el6_6.1.ppc.rpm cups-devel-1.4.2-67.el6_6.1.ppc64.rpm cups-libs-1.4.2-67.el6_6.1.ppc.rpm cups-libs-1.4.2-67.el6_6.1.ppc64.rpm cups-lpd-1.4.2-67.el6_6.1.ppc64.rpm

s390x: cups-1.4.2-67.el6_6.1.s390x.rpm cups-debuginfo-1.4.2-67.el6_6.1.s390.rpm cups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm cups-devel-1.4.2-67.el6_6.1.s390.rpm cups-devel-1.4.2-67.el6_6.1.s390x.rpm cups-libs-1.4.2-67.el6_6.1.s390.rpm cups-libs-1.4.2-67.el6_6.1.s390x.rpm cups-lpd-1.4.2-67.el6_6.1.s390x.rpm

x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm

ppc64: cups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm cups-php-1.4.2-67.el6_6.1.ppc64.rpm

s390x: cups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm cups-php-1.4.2-67.el6_6.1.s390x.rpm

x86_64: cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: cups-1.4.2-67.el6_6.1.src.rpm

i386: cups-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-lpd-1.4.2-67.el6_6.1.i686.rpm

x86_64: cups-1.4.2-67.el6_6.1.x86_64.rpm cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-devel-1.4.2-67.el6_6.1.i686.rpm cups-devel-1.4.2-67.el6_6.1.x86_64.rpm cups-libs-1.4.2-67.el6_6.1.i686.rpm cups-libs-1.4.2-67.el6_6.1.x86_64.rpm cups-lpd-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: cups-debuginfo-1.4.2-67.el6_6.1.i686.rpm cups-php-1.4.2-67.el6_6.1.i686.rpm

x86_64: cups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm cups-php-1.4.2-67.el6_6.1.x86_64.rpm

Red Hat Enterprise Linux Client (v. 7):

Source: cups-1.6.3-17.el7_1.1.src.rpm

noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: cups-1.6.3-17.el7_1.1.src.rpm

noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: cups-1.6.3-17.el7_1.1.src.rpm

noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

ppc64: cups-1.6.3-17.el7_1.1.ppc64.rpm cups-client-1.6.3-17.el7_1.1.ppc64.rpm cups-debuginfo-1.6.3-17.el7_1.1.ppc.rpm cups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm cups-devel-1.6.3-17.el7_1.1.ppc.rpm cups-devel-1.6.3-17.el7_1.1.ppc64.rpm cups-libs-1.6.3-17.el7_1.1.ppc.rpm cups-libs-1.6.3-17.el7_1.1.ppc64.rpm cups-lpd-1.6.3-17.el7_1.1.ppc64.rpm

s390x: cups-1.6.3-17.el7_1.1.s390x.rpm cups-client-1.6.3-17.el7_1.1.s390x.rpm cups-debuginfo-1.6.3-17.el7_1.1.s390.rpm cups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm cups-devel-1.6.3-17.el7_1.1.s390.rpm cups-devel-1.6.3-17.el7_1.1.s390x.rpm cups-libs-1.6.3-17.el7_1.1.s390.rpm cups-libs-1.6.3-17.el7_1.1.s390x.rpm cups-lpd-1.6.3-17.el7_1.1.s390x.rpm

x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: cups-1.6.3-17.ael7b_1.1.src.rpm

noarch: cups-filesystem-1.6.3-17.ael7b_1.1.noarch.rpm

ppc64le: cups-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-client-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-devel-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-libs-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-lpd-1.6.3-17.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: cups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm cups-ipptool-1.6.3-17.el7_1.1.ppc64.rpm

s390x: cups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm cups-ipptool-1.6.3-17.el7_1.1.s390x.rpm

x86_64: cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64le: cups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm cups-ipptool-1.6.3-17.ael7b_1.1.ppc64le.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: cups-1.6.3-17.el7_1.1.src.rpm

noarch: cups-filesystem-1.6.3-17.el7_1.1.noarch.rpm

x86_64: cups-1.6.3-17.el7_1.1.x86_64.rpm cups-client-1.6.3-17.el7_1.1.x86_64.rpm cups-debuginfo-1.6.3-17.el7_1.1.i686.rpm cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-devel-1.6.3-17.el7_1.1.i686.rpm cups-devel-1.6.3-17.el7_1.1.x86_64.rpm cups-libs-1.6.3-17.el7_1.1.i686.rpm cups-libs-1.6.3-17.el7_1.1.x86_64.rpm cups-lpd-1.6.3-17.el7_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: cups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm cups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  7. References:

https://access.redhat.com/security/cve/CVE-2014-9679
https://access.redhat.com/security/cve/CVE-2015-1158
https://access.redhat.com/security/cve/CVE-2015-1159
https://access.redhat.com/security/updates/classification/#important

  8. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2015 Red Hat, Inc.

In CUPS before 1.7.4, a local user with privileges of group=lp can write symbolic links in the rss directory and use that to gain '@SYSTEM' group privilege with cupsd (CVE-2014-3537).

It was discovered that the web interface in CUPS incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation (CVE-2014-5029, CVE-2014-5030, CVE-2014-5031).


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679
http://advisories.mageia.org/MGASA-2014-0193.html
http://advisories.mageia.org/MGASA-2014-0313.html
http://advisories.mageia.org/MGASA-2015-0067.html


Updated Packages:

Mandriva Business Server 2/X86_64:
0d1f31885b6c118b63449f2fdd821666 mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm
b5337600a386f902763653796a2cefdf mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm
7b1513d85b5f22cd90bed23a35e44f51 mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm
c25fa9b9bba101274984fa2b7a62f7a3 mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm
df24a6b84fdafffaadf961ab4aa3640b mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm
5c172624c992de8ebb2bf8a2b232ee3a mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team

For the stable distribution (wheezy), this problem has been fixed in version 1.5.3-5+deb7u5.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 1.7.5-11.

We recommend that you upgrade your cups packages.

============================================================================
Ubuntu Security Notice USN-2520-1
February 26, 2015

cups vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

CUPS could be made to crash or run programs if it processed a specially crafted file.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10: cups 1.7.5-3ubuntu3.1

Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.5

Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu8.6

Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.14

In general, a standard system update will make all the necessary changes.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201502-0428",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cups",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "cups",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "cups",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "10.04"
      },
      {
        "model": "hat enterprise linux workstation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux hpc node",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "hat enterprise linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "red",
        "version": "6"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "aura experience portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "72594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "2.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9679"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Peter De Wachter",
    "sources": [
      {
        "db": "BID",
        "id": "72594"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-9679",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-9679",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-77624",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-9679",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201502-325",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-77624",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-9679",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77624"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer underflow in the cupsRasterReadPixels function in filter/raster.c in CUPS before 2.0.2 allows remote attackers to have unspecified impact via a malformed compressed raster file, which triggers a buffer overflow. CUPS cupsRasterReadPixels is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks. \nAn attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: cups security update\nAdvisory ID:       RHSA-2015:1123-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://rhn.redhat.com/errata/RHSA-2015-1123.html\nIssue date:        2015-06-17\nCVE Names:         CVE-2014-9679 CVE-2015-1158 CVE-2015-1159 \n=====================================================================\n\n1. Summary:\n\nUpdated cups packages that fix multiple security issues are now available\nfor Red Hat Enterprise Linux 6 and 7. \n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 
6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nCUPS provides a portable printing layer for Linux, UNIX, and similar\noperating systems. \n\nA string reference count bug was found in cupsd, causing premature freeing\nof string objects. An attacker can submit a malicious print job that\nexploits this flaw to dismantle ACLs protecting privileged operations,\nallowing a replacement configuration file to be uploaded which in turn\nallows the attacker to run arbitrary code in the CUPS server\n(CVE-2015-1158)\n\nA cross-site scripting flaw was found in the cups web templating engine. An\nattacker could use this flaw to bypass the default configuration settings \nthat bind the CUPS scheduler to the \u0027localhost\u0027 or loopback interface. An attacker could\ncreate a specially-crafted image file, which when passed via the cups\nRaster filter, could cause the cups filter to crash. (CVE-2014-9679)\n\nRed Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and \nCVE-2015-1159 issues. \n\nAll cups users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. After installing this\nupdate, the cupsd daemon will be restarted automatically. \n\n4. 
Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1191588 - CVE-2014-9679 cups: cupsRasterReadPixels buffer overflow\n1221641 - CVE-2015-1158 cups: incorrect string reference counting (VU#810572)\n1221642 - CVE-2015-1159 cups: cross-site scripting flaw in CUPS web UI (VU#810572)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\ncups-1.4.2-67.el6_6.1.src.rpm\n\ni386:\ncups-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-libs-1.4.2-67.el6_6.1.i686.rpm\ncups-lpd-1.4.2-67.el6_6.1.i686.rpm\n\nx86_64:\ncups-1.4.2-67.el6_6.1.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm\ncups-libs-1.4.2-67.el6_6.1.i686.rpm\ncups-libs-1.4.2-67.el6_6.1.x86_64.rpm\ncups-lpd-1.4.2-67.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-devel-1.4.2-67.el6_6.1.i686.rpm\ncups-php-1.4.2-67.el6_6.1.i686.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm\ncups-devel-1.4.2-67.el6_6.1.i686.rpm\ncups-devel-1.4.2-67.el6_6.1.x86_64.rpm\ncups-php-1.4.2-67.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\ncups-1.4.2-67.el6_6.1.src.rpm\n\nx86_64:\ncups-1.4.2-67.el6_6.1.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm\ncups-libs-1.4.2-67.el6_6.1.i686.rpm\ncups-libs-1.4.2-67.el6_6.1.x86_64.rpm\ncups-lpd-1.4.2-67.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 
6):\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm\ncups-devel-1.4.2-67.el6_6.1.i686.rpm\ncups-devel-1.4.2-67.el6_6.1.x86_64.rpm\ncups-php-1.4.2-67.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\ncups-1.4.2-67.el6_6.1.src.rpm\n\ni386:\ncups-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-devel-1.4.2-67.el6_6.1.i686.rpm\ncups-libs-1.4.2-67.el6_6.1.i686.rpm\ncups-lpd-1.4.2-67.el6_6.1.i686.rpm\n\nppc64:\ncups-1.4.2-67.el6_6.1.ppc64.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.ppc.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm\ncups-devel-1.4.2-67.el6_6.1.ppc.rpm\ncups-devel-1.4.2-67.el6_6.1.ppc64.rpm\ncups-libs-1.4.2-67.el6_6.1.ppc.rpm\ncups-libs-1.4.2-67.el6_6.1.ppc64.rpm\ncups-lpd-1.4.2-67.el6_6.1.ppc64.rpm\n\ns390x:\ncups-1.4.2-67.el6_6.1.s390x.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.s390.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm\ncups-devel-1.4.2-67.el6_6.1.s390.rpm\ncups-devel-1.4.2-67.el6_6.1.s390x.rpm\ncups-libs-1.4.2-67.el6_6.1.s390.rpm\ncups-libs-1.4.2-67.el6_6.1.s390x.rpm\ncups-lpd-1.4.2-67.el6_6.1.s390x.rpm\n\nx86_64:\ncups-1.4.2-67.el6_6.1.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm\ncups-devel-1.4.2-67.el6_6.1.i686.rpm\ncups-devel-1.4.2-67.el6_6.1.x86_64.rpm\ncups-libs-1.4.2-67.el6_6.1.i686.rpm\ncups-libs-1.4.2-67.el6_6.1.x86_64.rpm\ncups-lpd-1.4.2-67.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-php-1.4.2-67.el6_6.1.i686.rpm\n\nppc64:\ncups-debuginfo-1.4.2-67.el6_6.1.ppc64.rpm\ncups-php-1.4.2-67.el6_6.1.ppc64.rpm\n\ns390x:\ncups-debuginfo-1.4.2-67.el6_6.1.s390x.rpm\ncups-php-1.4.2-67.el6_6.1.s390x.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm\ncups-php-1.4.2-67.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 
6):\n\nSource:\ncups-1.4.2-67.el6_6.1.src.rpm\n\ni386:\ncups-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-devel-1.4.2-67.el6_6.1.i686.rpm\ncups-libs-1.4.2-67.el6_6.1.i686.rpm\ncups-lpd-1.4.2-67.el6_6.1.i686.rpm\n\nx86_64:\ncups-1.4.2-67.el6_6.1.x86_64.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm\ncups-devel-1.4.2-67.el6_6.1.i686.rpm\ncups-devel-1.4.2-67.el6_6.1.x86_64.rpm\ncups-libs-1.4.2-67.el6_6.1.i686.rpm\ncups-libs-1.4.2-67.el6_6.1.x86_64.rpm\ncups-lpd-1.4.2-67.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\ncups-debuginfo-1.4.2-67.el6_6.1.i686.rpm\ncups-php-1.4.2-67.el6_6.1.i686.rpm\n\nx86_64:\ncups-debuginfo-1.4.2-67.el6_6.1.x86_64.rpm\ncups-php-1.4.2-67.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ncups-1.6.3-17.el7_1.1.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-17.el7_1.1.noarch.rpm\n\nx86_64:\ncups-1.6.3-17.el7_1.1.x86_64.rpm\ncups-client-1.6.3-17.el7_1.1.x86_64.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.i686.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm\ncups-libs-1.6.3-17.el7_1.1.i686.rpm\ncups-libs-1.6.3-17.el7_1.1.x86_64.rpm\ncups-lpd-1.6.3-17.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ncups-debuginfo-1.6.3-17.el7_1.1.i686.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm\ncups-devel-1.6.3-17.el7_1.1.i686.rpm\ncups-devel-1.6.3-17.el7_1.1.x86_64.rpm\ncups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ncups-1.6.3-17.el7_1.1.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-17.el7_1.1.noarch.rpm\n\nx86_64:\ncups-1.6.3-17.el7_1.1.x86_64.rpm\ncups-client-1.6.3-17.el7_1.1.x86_64.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.i686.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm\ncups-libs-1.6.3-17.el7_1.1.i686.rpm\ncups-libs-1.6.3-17.el7_1.1.x86_64.rpm\ncups-lpd-1.6.3-17.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 
7):\n\nx86_64:\ncups-debuginfo-1.6.3-17.el7_1.1.i686.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm\ncups-devel-1.6.3-17.el7_1.1.i686.rpm\ncups-devel-1.6.3-17.el7_1.1.x86_64.rpm\ncups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ncups-1.6.3-17.el7_1.1.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-17.el7_1.1.noarch.rpm\n\nppc64:\ncups-1.6.3-17.el7_1.1.ppc64.rpm\ncups-client-1.6.3-17.el7_1.1.ppc64.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.ppc.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm\ncups-devel-1.6.3-17.el7_1.1.ppc.rpm\ncups-devel-1.6.3-17.el7_1.1.ppc64.rpm\ncups-libs-1.6.3-17.el7_1.1.ppc.rpm\ncups-libs-1.6.3-17.el7_1.1.ppc64.rpm\ncups-lpd-1.6.3-17.el7_1.1.ppc64.rpm\n\ns390x:\ncups-1.6.3-17.el7_1.1.s390x.rpm\ncups-client-1.6.3-17.el7_1.1.s390x.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.s390.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm\ncups-devel-1.6.3-17.el7_1.1.s390.rpm\ncups-devel-1.6.3-17.el7_1.1.s390x.rpm\ncups-libs-1.6.3-17.el7_1.1.s390.rpm\ncups-libs-1.6.3-17.el7_1.1.s390x.rpm\ncups-lpd-1.6.3-17.el7_1.1.s390x.rpm\n\nx86_64:\ncups-1.6.3-17.el7_1.1.x86_64.rpm\ncups-client-1.6.3-17.el7_1.1.x86_64.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.i686.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm\ncups-devel-1.6.3-17.el7_1.1.i686.rpm\ncups-devel-1.6.3-17.el7_1.1.x86_64.rpm\ncups-libs-1.6.3-17.el7_1.1.i686.rpm\ncups-libs-1.6.3-17.el7_1.1.x86_64.rpm\ncups-lpd-1.6.3-17.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ncups-1.6.3-17.ael7b_1.1.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-17.ael7b_1.1.noarch.rpm\n\nppc64le:\ncups-1.6.3-17.ael7b_1.1.ppc64le.rpm\ncups-client-1.6.3-17.ael7b_1.1.ppc64le.rpm\ncups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm\ncups-devel-1.6.3-17.ael7b_1.1.ppc64le.rpm\ncups-libs-1.6.3-17.ael7b_1.1.ppc64le.rpm\ncups-lpd-1.6.3-17.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
7):\n\nppc64:\ncups-debuginfo-1.6.3-17.el7_1.1.ppc64.rpm\ncups-ipptool-1.6.3-17.el7_1.1.ppc64.rpm\n\ns390x:\ncups-debuginfo-1.6.3-17.el7_1.1.s390x.rpm\ncups-ipptool-1.6.3-17.el7_1.1.s390x.rpm\n\nx86_64:\ncups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm\ncups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64le:\ncups-debuginfo-1.6.3-17.ael7b_1.1.ppc64le.rpm\ncups-ipptool-1.6.3-17.ael7b_1.1.ppc64le.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ncups-1.6.3-17.el7_1.1.src.rpm\n\nnoarch:\ncups-filesystem-1.6.3-17.el7_1.1.noarch.rpm\n\nx86_64:\ncups-1.6.3-17.el7_1.1.x86_64.rpm\ncups-client-1.6.3-17.el7_1.1.x86_64.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.i686.rpm\ncups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm\ncups-devel-1.6.3-17.el7_1.1.i686.rpm\ncups-devel-1.6.3-17.el7_1.1.x86_64.rpm\ncups-libs-1.6.3-17.el7_1.1.i686.rpm\ncups-libs-1.6.3-17.el7_1.1.x86_64.rpm\ncups-lpd-1.6.3-17.el7_1.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ncups-debuginfo-1.6.3-17.el7_1.1.x86_64.rpm\ncups-ipptool-1.6.3-17.el7_1.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2014-9679\nhttps://access.redhat.com/security/cve/CVE-2015-1158\nhttps://access.redhat.com/security/cve/CVE-2015-1159\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2015 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFVgeHcXlSAg2UNWIIRAh1nAJ98EaDYp4J/i4NRT5iKDxSHRt5fVgCeOhjy\nZ4wgeyBJzfNJJ63iLHjIPPg=\n=T7rG\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n \n In CUPS before 1.7.4, a local user with privileges of group=lp\n can write symbolic links in the rss directory and use that to gain\n \u0026#039;@SYSTEM\u0026#039; group privilege with cupsd (CVE-2014-3537). \n \n It was discovered that the web interface in CUPS incorrectly\n validated permissions on rss files and directory index files. A local\n attacker could possibly use this issue to bypass file permissions\n and read arbitrary files, possibly leading to a privilege escalation\n (CVE-2014-5029, CVE-2014-5030, CVE-2014-5031). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2856\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679\n http://advisories.mageia.org/MGASA-2014-0193.html\n http://advisories.mageia.org/MGASA-2014-0313.html\n http://advisories.mageia.org/MGASA-2015-0067.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 0d1f31885b6c118b63449f2fdd821666  mbs2/x86_64/cups-1.7.0-8.1.mbs2.x86_64.rpm\n b5337600a386f902763653796a2cefdf  mbs2/x86_64/cups-common-1.7.0-8.1.mbs2.x86_64.rpm\n 7b1513d85b5f22cd90bed23a35e44f51  mbs2/x86_64/cups-filesystem-1.7.0-8.1.mbs2.noarch.rpm\n c25fa9b9bba101274984fa2b7a62f7a3  mbs2/x86_64/lib64cups2-1.7.0-8.1.mbs2.x86_64.rpm\n df24a6b84fdafffaadf961ab4aa3640b  
mbs2/x86_64/lib64cups2-devel-1.7.0-8.1.mbs2.x86_64.rpm \n 5c172624c992de8ebb2bf8a2b232ee3a  mbs2/SRPMS/cups-1.7.0-8.1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVF6q1mqjQ0CJFipgRAuxXAKDq8A/WlNzp54yRN7xnKy8ZBaRZQwCfSAh0\nn7hHPzmYVzh2wFP6PffIl0E=\n=ykhv\n-----END PGP SIGNATURE-----\n. \n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.5.3-5+deb7u5. \n\nFor the upcoming stable distribution (jessie) and unstable\ndistribution (sid), this problem has been fixed in version 1.7.5-11. \n\nWe recommend that you upgrade your cups packages. ============================================================================\nUbuntu Security Notice USN-2520-1\nFebruary 26, 2015\n\ncups vulnerability\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nCUPS could be made to crash or run programs if it processed a specially\ncrafted file. 
\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.10:\n  cups                            1.7.5-3ubuntu3.1\n\nUbuntu 14.04 LTS:\n  cups                            1.7.2-0ubuntu1.5\n\nUbuntu 12.04 LTS:\n  cups                            1.5.3-0ubuntu8.6\n\nUbuntu 10.04 LTS:\n  cups                            1.4.3-1ubuntu1.14\n\nIn general, a standard system update will make all the necessary changes",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-9679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "db": "BID",
        "id": "72594"
      },
      {
        "db": "VULHUB",
        "id": "VHN-77624"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9679"
      },
      {
        "db": "PACKETSTORM",
        "id": "132346"
      },
      {
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "db": "PACKETSTORM",
        "id": "130542"
      },
      {
        "db": "PACKETSTORM",
        "id": "130600"
      },
      {
        "db": "PACKETSTORM",
        "id": "130552"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-77624",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77624"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-9679",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "72594",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1031776",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/02/10/15",
        "trust": 1.2
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2015/02/12/12",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2340",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "132346",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130542",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130600",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "130552",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-77624",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9679",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "131116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77624"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9679"
      },
      {
        "db": "BID",
        "id": "72594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "db": "PACKETSTORM",
        "id": "132346"
      },
      {
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "db": "PACKETSTORM",
        "id": "130542"
      },
      {
        "db": "PACKETSTORM",
        "id": "130600"
      },
      {
        "db": "PACKETSTORM",
        "id": "130552"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ]
  },
  "id": "VAR-201502-0428",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77624"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:50:35.749000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CUPS 2.0.2",
        "trust": 0.8,
        "url": "https://www.cups.org/index.php"
      },
      {
        "title": "cups-2.0.2-source",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54144"
      },
      {
        "title": "cups-2.0.2-source",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54145"
      },
      {
        "title": "Debian CVElist Bug Report Logs: cups: CVE-2014-9679",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1a87d56755db0065c2a0c7449dd4e2be"
      },
      {
        "title": "Debian CVElist Bug Report Logs: cups: CVE-2014-9679",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e71ef12eceb0d70c4961d9f82bfceb82"
      },
      {
        "title": "Ubuntu Security Notice: cups vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2520-1"
      },
      {
        "title": "Debian Security Advisories: DSA-3172-1 cups -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ce7961d5d53ed439bb84237c6de63fd6"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2015-559",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2015-559"
      },
      {
        "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=976a4da35d55283870dbb31b88a6c655"
      },
      {
        "title": "afl-cve",
        "trust": 0.1,
        "url": "https://github.com/mrash/afl-cve"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-9679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9679"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.4,
        "url": "http://advisories.mageia.org/mgasa-2015-0067.html"
      },
      {
        "trust": 1.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2015-1123.html"
      },
      {
        "trust": 1.3,
        "url": "http://www.ubuntu.com/usn/usn-2520-1"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/72594"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
      },
      {
        "trust": 1.2,
        "url": "https://www.cups.org/str.php?l4551"
      },
      {
        "trust": 1.2,
        "url": "http://www.debian.org/security/2015/dsa-3172"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150177.html"
      },
      {
        "trust": 1.2,
        "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-february/150171.html"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201607-06"
      },
      {
        "trust": 1.2,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:049"
      },
      {
        "trust": 1.2,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:108"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2015/02/10/15"
      },
      {
        "trust": 1.2,
        "url": "http://www.openwall.com/lists/oss-security/2015/02/12/12"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1031776"
      },
      {
        "trust": 1.2,
        "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00098.html"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9679"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9679"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2340/"
      },
      {
        "trust": 0.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9679"
      },
      {
        "trust": 0.3,
        "url": "http://www.cups.org/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/"
      },
      {
        "trust": 0.2,
        "url": "http://www.mandriva.com/en/support/security/advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508021"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37545"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/2520-1/"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1158"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2014-9679"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1158"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1159"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2015-1159"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5031"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3537"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5030"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3537"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2856"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5029"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0193.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-5031"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5030"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2856"
      },
      {
        "trust": 0.1,
        "url": "http://advisories.mageia.org/mgasa-2014-0313.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.7.5-3ubuntu3.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.14"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu8.6"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-77624"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9679"
      },
      {
        "db": "BID",
        "id": "72594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "db": "PACKETSTORM",
        "id": "132346"
      },
      {
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "db": "PACKETSTORM",
        "id": "130542"
      },
      {
        "db": "PACKETSTORM",
        "id": "130600"
      },
      {
        "db": "PACKETSTORM",
        "id": "130552"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-77624"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-9679"
      },
      {
        "db": "BID",
        "id": "72594"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "db": "PACKETSTORM",
        "id": "132346"
      },
      {
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "db": "PACKETSTORM",
        "id": "130542"
      },
      {
        "db": "PACKETSTORM",
        "id": "130600"
      },
      {
        "db": "PACKETSTORM",
        "id": "130552"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-9679"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-02-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77624"
      },
      {
        "date": "2015-02-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9679"
      },
      {
        "date": "2015-02-10T00:00:00",
        "db": "BID",
        "id": "72594"
      },
      {
        "date": "2015-02-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "date": "2015-06-17T23:50:32",
        "db": "PACKETSTORM",
        "id": "132346"
      },
      {
        "date": "2015-03-30T21:33:02",
        "db": "PACKETSTORM",
        "id": "131116"
      },
      {
        "date": "2015-02-26T17:12:29",
        "db": "PACKETSTORM",
        "id": "130542"
      },
      {
        "date": "2015-03-02T17:24:01",
        "db": "PACKETSTORM",
        "id": "130600"
      },
      {
        "date": "2015-02-26T17:14:29",
        "db": "PACKETSTORM",
        "id": "130552"
      },
      {
        "date": "2015-02-19T15:59:11.313000",
        "db": "NVD",
        "id": "CVE-2014-9679"
      },
      {
        "date": "2015-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-77624"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-9679"
      },
      {
        "date": "2016-07-06T15:03:00",
        "db": "BID",
        "id": "72594"
      },
      {
        "date": "2015-02-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      },
      {
        "date": "2018-10-30T16:27:35.843000",
        "db": "NVD",
        "id": "CVE-2014-9679"
      },
      {
        "date": "2020-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "130542"
      },
      {
        "db": "PACKETSTORM",
        "id": "130552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CUPS of  filter/raster.c Inside  cupsRasterReadPixels Integer underflow vulnerability in functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001562"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201502-325"
      }
    ],
    "trust": 0.6
  }
}

