FreeBSD : cups -- multiple vulnerabilities (a40ec970-0efa-11e5-90e4-d050996490d0)

critical Nessus Plugin ID 84070

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

CUPS development team reports :

The new release addresses two security vulnerabilities, add localizations for German and Russian, and includes several general bug fixes. Changes include :

Security: Fixed CERT VU #810572/CVE-2015-1158/CVE-2015-1159 exploiting the dynamic linker (STR #4609)

Security: The scheduler could hang with malformed gzip data (STR #4602)

Solution

Update the affected package.

See Also

https://www.kb.cert.org/vuls/id/810572/

http://www.nessus.org/u?405b2fa9

https://www.cups.org/blog/2015-06-08-cups-2.0.3.html

Plugin Details

Severity: Critical

ID: 84070

File Name: freebsd_pkg_a40ec9700efa11e590e4d050996490d0.nasl

Version: 2.6

Type: local

Published: 6/10/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cups-base, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/9/2015

Vulnerability Publication Date: 6/9/2015

Reference Information

CVE: CVE-2015-1158, CVE-2015-1159