Oval Definition:oval:com.redhat.rhsa:def:20141795
Revision Date:2014-11-03Version:636
Title:RHSA-2014:1795: cups-filters security update (Moderate)
Description:The cups-filters package contains backends, filters, and other software that was once part of the core CUPS distribution but is now maintained independently.

  • An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337)

  • A flaw was found in the way the cups-browsed daemon interpreted the "BrowseAllow" directive in the cups-browsed.conf file. An attacker able to add a malformed "BrowseAllow" directive to the cups-browsed.conf file could use this flaw to bypass intended access restrictions. (CVE-2014-4338)

    All cups-filters users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cups-browsed daemon will be restarted automatically.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2014-4337
    CVE-2014-4338
    RHSA-2014:1795
    RHSA-2014:1795-00
    RHSA-2014:1795-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • cups-filters is earlier than 0:1.0.35-15.el7_0.1
  • AND cups-filters is signed with Red Hat redhatrelease2 key
  • cups-filters-devel is earlier than 0:1.0.35-15.el7_0.1
  • AND cups-filters-devel is signed with Red Hat redhatrelease2 key
  • cups-filters-libs is earlier than 0:1.0.35-15.el7_0.1
  • AND cups-filters-libs is signed with Red Hat redhatrelease2 key
    • BACK