[Touch-packages] [Bug 1349387] Re: server settings are inaccessible

Launchpad Bug Tracker Mon, 08 Sep 2014 07:22:12 -0700

This bug was fixed in the package cups - 1.7.2-0ubuntu1.2

---------------
cups (1.7.2-0ubuntu1.2) trusty-security; urgency=medium


  * SECURITY UPDATE: privilege escalation via symlinks and world-readable
    permissions
    - debian/patches/CVE-2014-50xx.patch: add some more symlink and
      permission checks to scheduler/client.c.
    - CVE-2014-5029
    - CVE-2014-5030
    - CVE-2014-5031
  * debian/patches/cups-restore-access-to-logfiles.patch: fix regressions
    caused by recent security updates by allowing access to cupsd.conf and
    the log files. (LP: #1349387)
 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>   Fri, 05 Sep 2014 15:04:59 
-0400

** Changed in: cups (Ubuntu Trusty)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-5030

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-5031

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1349387

Title:
  server settings are inaccessible

Status in “cups” package in Ubuntu:
  Fix Released
Status in “cups” source package in Lucid:
  Fix Released
Status in “cups” source package in Precise:
  Fix Released
Status in “cups” source package in Trusty:
  Fix Released
Status in “cups” source package in Utopic:
  Fix Released

Bug description:
  When trying to access server settings  via gnome gui in trusty I get a
  cups server error: "There was an HTTP error: Not found."

  Adding/removing printers with the gui works fine. The server settings
  are accessible via a web browser and the web interface.

  system-config-printer --debug (when calling the settings menu entry):
  Connected as user kiran
  Authentication pass: 1
  Authentication: password callback set
  PolicyKit call to FileGet did not work: dbus.String(u'Not Found')
  Authentication pass: 2
  Forbidden: False
  Authentication: Try as root
  Connected as user root
  Authentication pass: 3
  Forbidden: False
  Authentication: giving up

  cups access.log:
  localhost - - [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf 
HTTP/1.1" 401 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf 
HTTP/1.1" 404 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf 
HTTP/1.1" 404 0 - -
  localhost - - [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf 
HTTP/1.1" 401 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf 
HTTP/1.1" 404 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf 
HTTP/1.1" 404 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf 
HTTP/1.1" 404 0 - -
  localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf 
HTTP/1.1" 404 0 - -

  cups error.log:
  D [28/Jul/2014:13:41:22 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:22 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:22 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:22 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:22 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:22 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] No authentication data provided.
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username=""
  D [28/Jul/2014:13:41:23 +0200] [Client 16] WWW-Authenticate: Basic 
realm="CUPS", trc="y"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as 
"/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as 
"/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 15] No authentication data provided.
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username=""
  D [28/Jul/2014:13:41:23 +0200] [Client 15] WWW-Authenticate: Basic 
realm="CUPS", trc="y"
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Authorized as root using Local
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 15] Files/directories such as 
"/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as 
"/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Authorized as root using PeerCred
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 15] Files/directories such as 
"/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
  D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
  D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", 
busy="Not busy"
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using Local
  D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
  I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as 
"/etc/cups/cupsd.conf" must be world-readable.
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
  D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
  D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", 
busy="Active clients"
  D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
  D [28/Jul/2014:13:41:24 +0200] cupsd is not idle any more, canceling shutdown.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1349387/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1349387] Re: server settings are inaccessible

Reply via email to