Mandriva: 2012:179: cups
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:179
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : cups
 Date    : December 12, 2012
 Affected: 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in cups:
 
 CUPS 1.4.4, when running in certain Linux distributions such as
 Debian GNU/Linux, stores the web interface administrator key in
 /var/run/cups/certs/0 using certain permissions, which allows local
 users in the lpadmin group to read or write arbitrary files as root
 by leveraging the web interface (CVE-2012-5519).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
 http://www.cups.org/str.php?L4223
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2011:
 621faa1bcabbfe6c820f34d323b15ed6  2011/i586/cups-1.4.8-2.2-mdv2011.0.i586.rpm
 67c994f6deab1ec43abfc03bc469fde3  2011/i586/cups-common-1.4.8-2.2-mdv2011.0.i586.rpm
 0eb1e071e924b8fbcba7782c861d0faa  2011/i586/cups-serial-1.4.8-2.2-mdv2011.0.i586.rpm
 d82bafdbffa2843e8c87f44ff38f09bd  2011/i586/libcups2-1.4.8-2.2-mdv2011.0.i586.rpm
 b91e9da16dc9d1dbc69ad8a32c591609  2011/i586/libcups2-devel-1.4.8-2.2-mdv2011.0.i586.rpm
 76d0886860017257283b49f07948c8a2  2011/i586/php-cups-1.4.8-2.2-mdv2011.0.i586.rpm 
 15055e0d0e17ea5189cf29590e535c95  2011/SRPMS/cups-1.4.8-2.2.src.rpm

 Mandriva Linux 2011/X86_64:
 63a3439642483ba8b58964b050440eb7  2011/x86_64/cups-1.4.8-2.2-mdv2011.0.x86_64.rpm
 667e8c1b429aa470a25cce5bcaa58a81  2011/x86_64/cups-common-1.4.8-2.2-mdv2011.0.x86_64.rpm
 2acfd14c74298e32bca2c2d63f50078b  2011/x86_64/cups-serial-1.4.8-2.2-mdv2011.0.x86_64.rpm
 124d5cba345b9f712b123a9e426629a2  2011/x86_64/lib64cups2-1.4.8-2.2-mdv2011.0.x86_64.rpm
 4c427f6d8051690096192651701d63cc  2011/x86_64/lib64cups2-devel-1.4.8-2.2-mdv2011.0.x86_64.rpm
 cf9ef4e6d1e4c5902915e51ab6443778  2011/x86_64/php-cups-1.4.8-2.2-mdv2011.0.x86_64.rpm 
 15055e0d0e17ea5189cf29590e535c95  2011/SRPMS/cups-1.4.8-2.2.src.rpm

 Mandriva Enterprise Server 5:
 7a7947b4348b46d88771c86d71bf93a8  mes5/i586/cups-1.3.10-0.6mdvmes5.2.i586.rpm
 6be2cef2bb36f325fd2f39c382c691b5  mes5/i586/cups-common-1.3.10-0.6mdvmes5.2.i586.rpm
 7797b6be2eda38cbe9b02aafdcf4382d  mes5/i586/cups-serial-1.3.10-0.6mdvmes5.2.i586.rpm
 341ec5bea5633ff702737e0bc41e866a  mes5/i586/libcups2-1.3.10-0.6mdvmes5.2.i586.rpm
 73c5dedc648f96b4cc596aae5a91d888  mes5/i586/libcups2-devel-1.3.10-0.6mdvmes5.2.i586.rpm
 f4f93fb5602887b9d89d6f9824170d96  mes5/i586/php-cups-1.3.10-0.6mdvmes5.2.i586.rpm 
 25d5330e8744ddd498da35eb63d9c423  mes5/SRPMS/cups-1.3.10-0.6mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 4245234df94e9a8b3b2b5cea86c84b9f  mes5/x86_64/cups-1.3.10-0.6mdvmes5.2.x86_64.rpm
 ba51ee8a0d66e4241da0728aaabd9ec2  mes5/x86_64/cups-common-1.3.10-0.6mdvmes5.2.x86_64.rpm
 5e0b48292098166e884cd4e39b68211e  mes5/x86_64/cups-serial-1.3.10-0.6mdvmes5.2.x86_64.rpm
 b6259d9d194e3f2944ccb691d331109e  mes5/x86_64/lib64cups2-1.3.10-0.6mdvmes5.2.x86_64.rpm
 9a631b030200ffad1f6765d07b63faad  mes5/x86_64/lib64cups2-devel-1.3.10-0.6mdvmes5.2.x86_64.rpm
 b575b13ff39b05c14922702bec3acfcc  mes5/x86_64/php-cups-1.3.10-0.6mdvmes5.2.x86_64.rpm 
 25d5330e8744ddd498da35eb63d9c423  mes5/SRPMS/cups-1.3.10-0.6mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
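
The Problem Description ties the issue to the permissions on /var/run/cups/certs/0 and to membership of the lpadmin group. The following audit script is an added example, not part of the Mandriva advisory or of CUPS; the function names are hypothetical, and it assumes GNU coreutils `stat -c` and the standard /etc/group format.

```shell
#!/bin/sh
# Added example: report who can reach the CUPS admin key named in
# MDVSA-2012:179. Function names are hypothetical; assumes GNU stat.

# Print who besides the owner can read or write the given file:
#   "missing", "owner-only", "exposed group=<name> mode=<octal>"
#   or "exposed other mode=<octal>".
key_file_exposure() {
    f=$1
    [ -e "$f" ] || { echo "missing"; return 0; }
    mode=$(stat -c '%a' "$f")
    group=$(stat -c '%G' "$f")
    # The last two octal digits are the group and other permission bits.
    other=$(( mode % 10 ))
    grp=$(( (mode / 10) % 10 ))
    # 4 = read, 2 = write; either one exposes the key.
    if [ $(( other & 6 )) -ne 0 ]; then
        echo "exposed other mode=$mode"
    elif [ $(( grp & 6 )) -ne 0 ]; then
        echo "exposed group=$group mode=$mode"
    else
        echo "owner-only"
    fi
}

# List the supplementary members of a group from an /etc/group-format
# file (users whose primary group matches are not listed there).
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "${2:-/etc/group}"
}

# Report for the path and group named in the advisory.
audit_cups_key() {
    echo "key file: $(key_file_exposure /var/run/cups/certs/0)"
    echo "lpadmin members: $(group_members lpadmin)"
}

audit_cups_key
```

Run it as root so the certs directory can be traversed. The output shows who can read the key and who is in lpadmin; it does not tell you whether the updated package is installed.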