Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-5031

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

Related bugs and status

CVE-2014-5031 (Candidate) is related to these bugs:

Bug #1349387: server settings are inaccessible

		In	Importance	Status
1349387	server settings are inaccessible	cups (Ubuntu)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Utopic)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Trusty)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Lucid)	Undecided	Fix Released
1349387	server settings are inaccessible	cups (Ubuntu Precise)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2014072...
MLIST: [oss-security] 2014072...
CONFIRM: https://cups.org/str.p...
DEBIAN: DSA-2990
SECUNIA: 60509
REDHAT: RHSA-2014:1388
UBUNTU: USN-2341-1
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:108
SECUNIA: 60787