server settings are inaccessible

Bug #1349387 reported by b3nmore
This bug affects 7 people
Affects          Status         Importance   Assigned to        Milestone
cups (Ubuntu)    Fix Released   Undecided    Marc Deslauriers
Lucid            Fix Released   Undecided    Marc Deslauriers
Precise          Fix Released   Undecided    Marc Deslauriers
Trusty           Fix Released   Undecided    Marc Deslauriers
Utopic           Fix Released   Undecided    Marc Deslauriers

Bug Description

When trying to access server settings via gnome gui in trusty I get a cups server error: "There was an HTTP error: Not found."

Adding/removing printers with the gui works fine. The server settings are accessible via a web browser and the web interface.

system-config-printer --debug (when calling the settings menu entry):
Connected as user kiran
Authentication pass: 1
Authentication: password callback set
PolicyKit call to FileGet did not work: dbus.String(u'Not Found')
Authentication pass: 2
Forbidden: False
Authentication: Try as root
Connected as user root
Authentication pass: 3
Forbidden: False
Authentication: giving up

cups access.log:
localhost - - [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 401 0 - -
localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
localhost - - [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 401 0 - -
localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -
localhost - root [28/Jul/2014:13:40:42 +0200] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -

cups error.log:
D [28/Jul/2014:13:41:22 +0200] [Client 15] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:22 +0200] [Client 15] Waiting for request.
D [28/Jul/2014:13:41:22 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:22 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:22 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:22 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] [Client 16] No authentication data provided.
D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username=""
D [28/Jul/2014:13:41:23 +0200] [Client 16] WWW-Authenticate: Basic realm="CUPS", trc="y"
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] [Client 15] No authentication data provided.
D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username=""
D [28/Jul/2014:13:41:23 +0200] [Client 15] WWW-Authenticate: Basic realm="CUPS", trc="y"
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] [Client 15] Authorized as root using Local
D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
I [28/Jul/2014:13:41:23 +0200] [Client 15] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing because Keep-Alive disabled
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using PeerCred
D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] [Client 16] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] GET /admin/conf/cupsd.conf HTTP/1.1
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] [Client 15] Authorized as root using PeerCred
D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
I [28/Jul/2014:13:41:23 +0200] [Client 15] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing because Keep-Alive disabled
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 15] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 15] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Accepted from localhost (Domain)
D [28/Jul/2014:13:41:23 +0200] [Client 16] Waiting for request.
D [28/Jul/2014:13:41:23 +0200] [Client 15] HTTP_STATE_WAITING Closing on EOF
D [28/Jul/2014:13:41:23 +0200] [Client 15] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:23 +0200] [Client 16] GET /admin/conf/cupsd.conf HTTP/1.1
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Active clients", busy="Not busy"
D [28/Jul/2014:13:41:23 +0200] [Client 16] Authorized as root using Local
D [28/Jul/2014:13:41:23 +0200] cupsdIsAuthorized: username="root"
I [28/Jul/2014:13:41:23 +0200] [Client 16] Files/directories such as "/etc/cups/cupsd.conf" must be world-readable.
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing because Keep-Alive disabled
D [28/Jul/2014:13:41:23 +0200] [Client 16] Closing connection.
D [28/Jul/2014:13:41:23 +0200] cupsdSetBusyState: newbusy="Not busy", busy="Active clients"
D [28/Jul/2014:13:41:23 +0200] cupsd is not idle any more, canceling shutdown.
D [28/Jul/2014:13:41:24 +0200] cupsd is not idle any more, canceling shutdown.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in system-config-printer (Ubuntu):
status: New → Confirmed
Gevorg (gevorg) wrote :

Error doesn't happen in a fresh install of 14.04 but after applying all updates as of today, the issue appears. First time, it works, but second and subsequent times it doesn't.

Walker Gusmão (walker-praiseweb) wrote :

Same here (CUPS access.log):

localhost - root [21/Aug/2014:09:57:28 -0300] "GET /admin/conf/cupsd.conf HTTP/1.1" 404 0 - -

Every time I try to enter the configuration menu.

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

$ system-config-printer --debug
OpenPrinting: Init ('pt_BR', 'UTF-8') 1 0
+<NewPrinterGUI object at 0x7f1bc40d0fa0 (newprinter+NewPrinterGUI at 0x2961d80)>
Connected as user david
+<PrinterPropertiesDialog object at 0x7f1bc40f4410 (printerproperties+PrinterPropertiesDialog at 0x29a70e0)>
<authconn.Connection instance at 0x7f1bb7eb4638>: Operation += obtendo detalhes da fila
Authentication pass: 1
Authentication: password callback set
Authentication pass: 1
Authentication: password callback set
Authentication pass: 1
Authentication: password callback set
<authconn.Connection instance at 0x7f1bb7eb4638>: Operation ended
+<ppdcache.PPDCache instance at 0x7f1bbc023518>
refresh
Created subscription 425, events=['printer-added', 'printer-deleted', 'printer-state-changed']
Next notifications fetch in 1s
update_jobs
get_notifications
update_jobs
Next notifications fetch in 60s
Connected as user david
Authentication pass: 1
Authentication: password callback set
PolicyKit call to FileGet did not work: dbus.String(u'Not Found')
Authentication pass: 2
Forbidden: False
Authentication: Try as root
Connected as user root
Authentication pass: 3
Forbidden: False
Authentication: giving up
Canceled subscription 425
DESTROY: <PrinterPropertiesDialog object at 0x7f1bc40f4410 (printerproperties+PrinterPropertiesDialog at 0x29a70e0)>
DESTROY: <NewPrinterGUI object at 0x7f1bc40d0fa0 (newprinter+NewPrinterGUI at 0x2961d80)>

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cups (Ubuntu):
status: New → Confirmed
Bruno Nova (brunonova) wrote :

I discovered this problem as well today.

The first time I went (today) to the server settings to enable sharing, it worked fine.
After that, I was unable to open it again, always seeing the reported error. Even after a reboot.
Fortunately, the web interface was still working (open "http://localhost:631" in the web browser).

Bruno Nova (brunonova) wrote :

I've been trying to debug system-config-printer with pdb to find the bug.
In cupspk.py, line 118:

    pk_retval = pk_function(*pk_args)

where FileGet is called (remote call?) to CUPS (when the configure menu is pressed) with:

    pk_args = ('/admin/conf/cupsd.conf', '/tmp/somefile')

it returns "Not Found".

If I go to "localhost:361/admin/conf/cupsd.conf" in Firefox, it also returns "Not Found".
Actually, if I try to access the logs from the CUPS Administration page in Firefox it also returns "Not Found".

So the bug is probably in CUPS.
Although it is strange that the 1st time that the Configure option is accessed, it worked.

Bruno Nova (brunonova) wrote :

I think I found the cause of the problem! It's a permissions issue.

I enabled "LogLevel debug2" in /etc/cups/cupsd.conf, then opened error log with "tail -f /var/log/cups/error_log".
When I access, for example, the error log in the browser (http://localhost:631/admin/log/error_log), these interesting messages are printed:

    I [22/Aug/2014:14:11:19 +0100] [Client 15] Files/directories such as "/var/log/cups/error_log" must be world-readable.
    d [22/Aug/2014:14:11:19 +0100] [Client 15] cupsdSendError code=404, auth_type=0
    D [22/Aug/2014:14:11:19 +0100] [Client 15] Closing because Keep-Alive disabled
    D [22/Aug/2014:14:11:19 +0100] [Client 15] Closing connection.

And, indeed, the /var/log/cups/error_log file is not world-readable. In fact, the permissions are: -rw-r----- root adm
If I run:

    sudo chmod o+r /var/log/cups/error_log

then try to access the logs again, it works.

When trying to access the server settings through system-config-printer, the same messages are printed, but for the /etc/cups/cupsd.conf file.
Its permissions are: -rw-r----- root lp

Running the chmod for that file fixes the issue, and lets you access the server settings... until the OK button in that dialog is pressed. Then the permissions are reverted and the problem appears again! That's why the problem didn't occur the first time.

Therefore, the problem is in cups, not in system-config-printer!
Changing the permissions (and not reverting them) would fix the problem, but I don't know what the security implications are.

Bruno Nova (brunonova) wrote :

It seems the check for the world-readable permission was added in the latest security update.

"apt-get source cups", then open cups-1.7.2/debian/patches/CVE-2014-3537.patch and look at these lines:

+ /*
+ * Similarly, if the file/directory does not have world read permissions, do
+ * not allow access...
+ */
+
+ if (!status && !(filestats->st_mode & S_IROTH))
+ {
+ cupsdLogMessage(CUPSD_LOG_INFO, "[Client %d] Files/directories such as \"%s\" must be world-readable.", con->http.fd, filename);
+ return (NULL);
+ }
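
Review bot: the test on filestats->st_mode & S_IROTH applies to every file this function resolves, with no regard to whether the request was already authorized, so an authorized administrator is still refused any file that is deliberately kept non-world-readable. Suggest scoping the check so that it does not cover the configuration and log files served to authorized users, or exempting those paths explicitly. The refusal is also logged only at CUPSD_LOG_INFO; a level that appears without raising LogLevel would make the resulting error much easier to diagnose.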

That looks familiar.
The permissions of all CUPS files (especially the ones mentioned in the previous comment) should be revised. The world-readable bit may be missing in those files.
Also need to see why the permissions of /etc/cups/cupsd.conf are reverted when they are changed in the GUI and fix that.

Bruno Nova (brunonova)
Changed in system-config-printer (Ubuntu):
status: Confirmed → Invalid
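
The triage described in the comments above (find the "must be world-readable" line in error_log, then look at the file's mode), as an added example that is not part of the original thread or of CUPS. The function names and the temporary stand-in files are constructed for illustration; the log line format is the one quoted on this page.

```python
import os
import re
import stat
import tempfile

# INFO line written by the world-readable check (format as in the logs on this page).
DENIED = re.compile(
    r'^I \[[^\]]+\] \[Client \d+\] '
    r'Files/directories such as "(?P<path>[^"]+)" must be world-readable\.$'
)


def denied_paths(error_log_lines):
    """Count, per file, how often cupsd refused to serve it for lacking o+r."""
    hits = {}
    for line in error_log_lines:
        m = DENIED.match(line.strip())
        if m:
            hits[m.group("path")] = hits.get(m.group("path"), 0) + 1
    return hits


def triage(error_log_lines):
    """Pair each refused path with its current mode on disk."""
    rows = []
    for path, count in sorted(denied_paths(error_log_lines).items()):
        row = {"path": path, "denials": count}
        try:
            st = os.lstat(path)  # lstat: report a symlink instead of following it
        except OSError as exc:
            row["error"] = exc.strerror
        else:
            row["mode"] = stat.filemode(st.st_mode)
            row["symlink"] = stat.S_ISLNK(st.st_mode)
            # Same bit the quoted check tests: st_mode & S_IROTH
            row["world_readable"] = bool(st.st_mode & stat.S_IROTH)
        rows.append(row)
    return rows


def make_sample(root):
    """Constructed fixture: stand-ins for cupsd.conf (0640) and error_log (0644)."""
    conf = os.path.join(root, "cupsd.conf")
    log = os.path.join(root, "error_log")
    for path, mode in ((conf, 0o640), (log, 0o644)):
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    gone = os.path.join(root, "missing")
    ts = "[28/Jul/2014:13:41:23 +0200]"
    msg = 'Files/directories such as "%s" must be world-readable.'
    return [
        "D %s [Client 16] Authorized as root using PeerCred" % ts,
        "I %s [Client 16] " % ts + msg % conf,
        "I %s [Client 15] " % ts + msg % conf,
        "I %s [Client 15] " % ts + msg % log,   # refused earlier, chmod o+r since
        "I %s [Client 15] " % ts + msg % gone,  # file no longer exists
    ]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in triage(make_sample(tmp)):
            print(row)
```

A row with world_readable set to False is a file the check still refuses; a row where it is True was refused when the line was logged but has had its mode changed since.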
Bruno Nova (brunonova) wrote :

The update was to fix CVE-2014-3537 (as mentioned above).
But that fix is incomplete: CVE-2014-5029 (not fixed in Ubuntu yet: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-5029.html)

CUPS developers know of this regression: https://cups.org/str.php?L4461
There's also a fix in that bug report, already shipped for Debian, and another patch which was just added.
So this will be fixed, eventually.

@Marc Deslauriers, I subscribed you so that you are aware of this bug report in Launchpad (even though you already are aware of the regression).

Bruno Nova (brunonova)
tags: added: regression-update trusty
no longer affects: system-config-printer (Ubuntu)
Changed in cups (Ubuntu Lucid):
status: New → Confirmed
Changed in cups (Ubuntu Precise):
status: New → Confirmed
Changed in cups (Ubuntu Trusty):
status: New → Confirmed
Changed in cups (Ubuntu Lucid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in cups (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in cups (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in cups (Ubuntu Utopic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in cups (Ubuntu Utopic):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups - 1.7.2-0ubuntu1.2

---------------
cups (1.7.2-0ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via symlinks and world-readable
    permissions
    - debian/patches/CVE-2014-50xx.patch: add some more symlink and
      permission checks to scheduler/client.c.
    - CVE-2014-5029
    - CVE-2014-5030
    - CVE-2014-5031
  * debian/patches/cups-restore-access-to-logfiles.patch: fix regressions
    caused by recent security updates by allowing access to cupsd.conf and
    the log files. (LP: #1349387)
 -- Marc Deslauriers <email address hidden> Fri, 05 Sep 2014 15:04:59 -0400

Changed in cups (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups - 1.5.3-0ubuntu8.5

---------------
cups (1.5.3-0ubuntu8.5) precise-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via symlinks and world-readable
    permissions
    - debian/patches/CVE-2014-50xx.patch: add some more symlink and
      permission checks to scheduler/client.c.
    - CVE-2014-5029
    - CVE-2014-5030
    - CVE-2014-5031
  * debian/patches/cups-restore-access-to-logfiles.patch: fix regressions
    caused by recent security updates by allowing access to cupsd.conf and
    the log files. (LP: #1349387)
 -- Marc Deslauriers <email address hidden> Fri, 05 Sep 2014 15:17:47 -0400

Changed in cups (Ubuntu Precise):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups - 1.4.3-1ubuntu1.13

---------------
cups (1.4.3-1ubuntu1.13) lucid-security; urgency=medium

  * SECURITY UPDATE: privilege escalation via symlinks and world-readable
    permissions
    - debian/patches/CVE-2014-50xx.dpatch: add some more symlink and
      permission checks to scheduler/client.c.
    - CVE-2014-5029
    - CVE-2014-5030
    - CVE-2014-5031
  * debian/patches/cups-restore-access-to-logfiles.dpatch: fix regressions
    caused by recent security updates by allowing access to cupsd.conf and
    the log files. (LP: #1349387)
 -- Marc Deslauriers <email address hidden> Fri, 05 Sep 2014 15:21:01 -0400

Changed in cups (Ubuntu Lucid):
status: Confirmed → Fix Released