{"id":"MGASA-2014-0267","summary":"Updated cups-filter packages fix security vulnerabilities","details":"In cups-filters before 1.0.53, out-of-bounds accesses in the\nprocess_browse_data function when reading the packet variable could\nleading to a crash, thus resulting in a denial of service \n(CVE-2014-4337).\n\nIn cups-filters before 1.0.53, if there was only a single BrowseAllow\nline in cups-browsed.conf and its host specification was invalid, this\nwas interpreted as if no BrowseAllow line had been specified, which\nresulted in it accepting browse packets from all hosts (CVE-2014-4338).\n\nThe CVE-2014-2707 issue with malicious broadcast packets, which had been\nfixed in Mageia Bug 13216 (MGASA-2014-0181), had not been completely\nfixed by that update. A more complete fix was implemented in\ncups-filters 1.0.53 (CVE-2014-4336).\n\nNote that only systems that have enabled the affected feature by using\nthe CreateIPPPrinterQueues configuration directive in\n/etc/cups/cups-browsed.conf were affected by the CVE-2014-2707 / \nCVE-2014-4336 issue.\n","modified":"2026-01-30T15:25:17.561094Z","published":"2014-06-19T20:26:53Z","related":["CVE-2014-4336","CVE-2014-4337","CVE-2014-4338"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0267.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13273"},{"type":"REPORT","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132626.html"},{"type":"REPORT","url":"http://advisories.mageia.org/MGASA-2014-0181.html"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2014/06/19/12"}],"affected":[{"package":{"name":"cups-filters","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/cups-filters?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.53-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0267.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}