SECURITY

Ubuntu Security Notice USN-2839-1 16th December, 2015 cups update A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 14.04 LTS Summary A security improvement has been made to CUPS. Software description cups – Common UNIX Printing System(tm) Details As a security improvement against the POODLE attack, this update disablesSSLv3 support in the CUPS web interface. For legacy environments where SSLv3 support is still required, it can bere-enabled by adding "SSLOptions AllowSSL3" to /etc/cups/cupsd.conf. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References LP: 1505328 Source: ubuntu-usn

Ubuntu Security Notice USN-2838-2 16th December, 2015 foomatic-filters vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 LTS Summary foomatic-filters could be made to run programs as the lp user if it processed a specially crafted print job. Software description foomatic-filters – OpenPrinting printer support – filters Details Adam Chester discovered that the foomatic-filters foomatic-rip filterincorrectly stripped shell escape characters. A remote attacker couldpossibly use this issue to execute arbitrary code as the lp user. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 12.04 LTS: foomatic-filters 4.0.16-0ubuntu0.4 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8560 Source: ubuntu-usn

Ubuntu Security Notice USN-2838-1 16th December, 2015 cups-filters vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 15.10 Ubuntu 15.04 Ubuntu 14.04 LTS Summary cups-filters could be made to run programs as the lp user if it processed a specially crafted print job. Software description cups-filters – OpenPrinting CUPS Filters Details Adam Chester discovered that the cups-filters foomatic-rip filterincorrectly stripped shell escape characters. A remote attacker couldpossibly use this issue to execute arbitrary code as the lp user. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 15.10: cups-filters 1.0.76-1ubuntu0.2 Ubuntu 15.04: cups-filters 1.0.67-0ubuntu2.6 Ubuntu 14.04 LTS: cups-filters 1.0.52-0ubuntu1.7 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2015-8560 Source: ubuntu-usn