Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-5030

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

Related bugs and status

CVE-2014-5030 (Candidate) is related to these bugs:

Bug #1349387: server settings are inaccessible

		In	Importance	Status
1349387	server settings are inaccessible	cups (Ubuntu)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Utopic)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Trusty)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Lucid)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014072...
MLIST: [oss-security] 2014072...
CONFIRM: https://cups.org/str.p...
DEBIAN: DSA-2990
SECUNIA: 60509
REDHAT: RHSA-2014:1388
UBUNTU: USN-2341-1
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:108
SECUNIA: 60787