It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation. For the stable distribution (wheezy), these problems have been fixed in version 1.5.3-5+deb7u4. For the unstable distribution (sid), these problems have been fixed in version 1.7.4-2. We recommend that you upgrade your cups packages.
It was discovered that the web interface in CUPS, the Common UNIX Printing System, incorrectly validated permissions on rss files and directory index files. A local attacker could possibly use this issue to bypass file permissions and read arbitrary files, possibly leading to a privilege escalation.
For the stable distribution (wheezy), these problems have been fixed in version 1.5.3-5+deb7u4.
For the unstable distribution (sid), these problems have been fixed in version 1.7.4-2.
We recommend that you upgrade your cups packages.