OracleVM 3.3 : cups (OVMSA-2014-0035)

high Nessus Plugin ID 79550

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates :

- Revert change to whitelist /rss/ resources, as this was not used upstream.

- More STR #4461 fixes from upstream: make rss feeds world-readable, but cachedir private.

- Fix icon display in web interface during server restart (STR #4475).

- Fixes for upstream patch for STR #4461: allow /rss/ requests for files we created.

- Use upstream patch for STR #4461.

- Applied upstream patch to fix CVE-2014-5029 (bug #1122600), CVE-2014-5030 (bug #1128764), CVE-2014-5031 (bug #1128767).

- Fix conf/log file reading for authenticated users (STR #4461).

- Fix CGI handling (STR #4454, bug #1120419).

- fix patch for CVE-2014-3537 (bug #1117794)

- CVE-2014-2856: cross-site scripting flaw (bug #1117798)

- CVE-2014-3537: insufficient checking leads to privilege escalation (bug #1117794)

- Removed package description changes.

- Applied patch to fix 'Bad request' errors as a result of adding in httpSetTimeout (STR #4440, also part of svn revision 9967).

- Fixed timeout issue with cupsd reading when there is no data ready (bug #1110045).

- Fixed synconclose patch to avoid 'too many arguments for format' warning.

- Fixed settimeout patch to include math.h for fmod declaration.

- Fixed typo preventing web interface from changing driver (bug #1104483, STR #3601).

- Fixed SyncOnClose patch (bug #984883).

- Use upstream patch to avoid replaying GSS credentials (bug #1040293).

- Prevent BrowsePoll problems across suspend/resume (bug #769292) :

- Eliminate indefinite wait for response (svn revision 9688).

- Backported httpSetTimeout API function from CUPS 1.5 and use it in the ipp backend so that we wait indefinitely until the printer responds, we get a hard error, or the job is cancelled.

- cups-polld: reconnect on error.

- Added new SyncOnClose directive to use fsync after altering configuration files: defaults to 'Yes'. Adjust in cupsd.conf (bug #984883).

- Fix cupsctl man page typo (bug #1011076).

- Use more portable rpm specfile syntax for conditional php building (bug #988598).

- Fix SetEnv directive in cupsd.conf (bug #986495).

- Fix 'collection' attribute sending (bug #978387).

- Prevent format_log segfault (bug #971079).

- Prevent stringpool corruption (bug #884851).

- Don't crash when job queued for printer that times out (bug #855431).

- Upstream patch for broken multipart handling (bug #852846).

- Install /etc/cron.daily/cups with correct permissions (bug #1012482).

- Fixes for jobs with multiple files and multiple formats (bug #972242).

- Applied patch to fix CVE-2012-5519 (privilege escalation for users in SystemGroup or with equivalent polkit permission). This prevents HTTP PUT requests with paths under /admin/conf/ other than that for cupsd.conf, and also prevents such requests altering certain configuration directives such as PageLog and FileDevice (bug #875898).

Solution

Update the affected cups / cups-libs packages.

See Also

http://www.nessus.org/u?5c27127c

Plugin Details

Severity: High

ID: 79550

File Name: oraclevm_OVMSA-2014-0035.nasl

Version: 1.7

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:cups, p-cpe:/a:oracle:vm:cups-libs, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/4/2014

Vulnerability Publication Date: 11/19/2012

Reference Information

CVE: CVE-2012-5519, CVE-2014-2856, CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031

BID: 56494, 66788, 68788, 68842, 68846, 68847