USN-2629-1: CUPS vulnerabilities
10 June 2015
Several security issues were fixed in CUPS.
- cups - Common UNIX Printing System(tm)
It was discovered that CUPS incorrectly handled reference counting when
handling localized strings. A remote attacker could use this issue to
escalate permissions, upload a replacement CUPS configuration file, and
execute arbitrary code. (CVE-2015-1158)
It was discovered that the CUPS templating engine contained a cross-site
scripting issue. A remote attacker could use this issue to bypass default
configuration settings. (CVE-2015-1159)
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.