Launchpad CVE tracker

CVE 2014-3537

The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.

Related bugs and status

CVE-2014-3537 (Candidate) is related to these bugs:

Bug #1349387: server settings are inaccessible

		In	Importance	Status
1349387	server settings are inaccessible	cups (Ubuntu)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Utopic)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Trusty)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Lucid)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securitytra...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://archives.neohap...
MISC: http://lists.fedorapro...
MISC: http://www.mandriva.co...
MISC: https://bugzilla.redha...
MISC: http://rhn.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: http://advisories.mage...
MISC: http://www.cups.org/bl...
MISC: http://www.cups.org/st...
MISC: https://support.apple....

Launchpad.net

CVE 2014-3537

Related bugs and status

Related bugs

References