Bugzilla – Bug 883536
VUL-0: CVE-2014-4338: cups-filters: unsupported BrowseAllow value lets cups-browsed accept from all hosts
Last modified: 2014-07-30 14:00:55 UTC
rh#1091568 cups-browsed: SECURITY FIX: Fix on usage of the "BrowseAllow" directive in cups-browsed.conf. Before, if the argument of a "BrowseAllow" directive is not understood it is treated as the directive not having been there, allowing any host if this was the only "BrowseAllow" directive. Now we treat this as a directive which no host can fulfill, not allowing any host if it was the only one. No "BrowseAllow" directive means access for all, as before. Issue was discussed in bnc#871327 but SLE12 is not fixed. References: https://bugzilla.redhat.com/show_bug.cgi?id=1091568 http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195 https://bugs.linuxfoundation.org/show_bug.cgi?id=1204
bugbot adjusting priority
It is fixed everywhere, for openSUSE:Factory, for OBS "Printing", and for SLE12. See bnc#883543 for details or see the cups-filters.changes files for openSUSE:Factory, for OBS "Printing", and for SLE12. FYI: At the time when we at SUSE had already fixed it there was not yet CVE-2014-4338 assigned and therefore for example a dumb automated serach for this CVE-2014-4338 cannot find it in cups-filters.changes.
*** This bug has been marked as a duplicate of bug 871327 ***
This is an autogenerated message for OBS integration: This bug (883536) was mentioned in https://build.opensuse.org/request/show/243029 Factory / cups-filters