CVE-2014-5031

Publication date 29 July 2014

Last updated 24 July 2024

Ubuntu priority

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cups	14.04 LTS trusty	Fixed 1.7.2-0ubuntu1.2
	12.04 LTS precise	Fixed 1.5.3-0ubuntu8.5
	10.04 LTS lucid	Fixed 1.4.3-1ubuntu1.13

How can I get the fixes?
What do statuses mean?
Patch details

Notes

mdeslaur

The patch below introduces a regression preventing the web interface from being able to read log files. (See comments in bug 4455.)

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cups	Upstream: https://cups.org/strfiles.php/3371/str4455-1.7.patch

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2341-1
CUPS vulnerabilities
8 September 2014

Other references

http://seclists.org/oss-sec/2014/q3/209
https://www.cve.org/CVERecord?id=CVE-2014-5031