Your submission was sent successfully! Close

CVE-2014-5030

Published: 29 July 2014

CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.

Priority

Medium

Status

Package Release Status
cups
Launchpad, Ubuntu, Debian 		lucid
Released (1.4.3-1ubuntu1.13)
precise
Released (1.5.3-0ubuntu8.5)
trusty Does not exist
(trusty was released [1.7.2-0ubuntu1.2])
upstream
Released (1.7.4-5)

Notes

AuthorNote
mdeslaur 
The patch below introduces a regression preventing the web
interface from being able to read log files. (See comments in
bug 4455.)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading