oval:org.mitre.oval:def:27056

Definition Id: oval:org.mitre.oval:def:27056

Oval ID:	oval:org.mitre.oval:def:27056
Title:	RHSA-2014:1388: cups security and bug fix update (Moderate)
Description:	CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. A cross-site scripting (XSS) flaw was found in the CUPS web interface. An attacker could use this flaw to perform a cross-site scripting attack against users of the CUPS web interface. (CVE-2014-2856) It was discovered that CUPS allowed certain users to create symbolic links in certain directories under /var/cache/cups/. A local user with the 'lp' group privileges could use this flaw to read the contents of arbitrary files on the system or, potentially, escalate their privileges on the system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031) The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat Product Security. These updated cups packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All cups users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:1388-01 CVE-2014-2856 CVE-2014-3537 CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 CESA-2014:1388	Version:	5
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	cups
Definition Synopsis:
Red Hat Enterprise Linux 6 and CentOS Linux 6 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages match section cups is earlier than 1:1.4.2-67.el6 AND cups-devel is earlier than 1:1.4.2-67.el6 AND cups-libs is earlier than 1:1.4.2-67.el6 AND cups-lpd is earlier than 1:1.4.2-67.el6 AND cups-php is earlier than 1:1.4.2-67.el6 AND Red Hat Enterprise Linux 6 release section The operating system installed on the system is Red Hat Enterprise Linux 6 AND cups-debuginfo is earlier than 1:1.4.2-67.el6

Definition Id: oval:org.mitre.oval:def:20273

Oval ID:	oval:org.mitre.oval:def:20273
Title:	The operating system installed on the system is Red Hat Enterprise Linux 6
Description:	The operating system installed on the system is Red Hat Enterprise Linux 6.
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:redhat:enterprise_linux:6	Version:	6
Platform(s):	Red Hat Enterprise Linux 6	Product(s):
Definition Synopsis:
Red Hat Enterprise 6 is installed AND NOT Oracle Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:27056 oval:org.mitre.oval:def:27056

Definition Id: oval:org.mitre.oval:def:16337

Oval ID:	oval:org.mitre.oval:def:16337
Title:	The operating system installed on the system is CentOS Linux 6.x
Description:	The operating system installed on the system is CentOS Linux 6.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:centos:centos:6	Version:	5
Platform(s):	CentOS Linux 6	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND CentOS Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:27056

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0376s

Facebook rss twitter linkedin mail