Описание
ELSA-2013-0580: cups security update (MODERATE)
[1:1.4.2-50:.4]
- Added BrowseLDAPCACertFile and PrintcapGUI to restricted options list.
[1:1.4.2-50:.3]
- Fix for CVE-2012-5519 patch: handle blacklisted lines that have no value part gracefully.
[1:1.4.2-50:.2]
- Added documentation for new CVE-2012-5519 option.
[1:1.4.2-50:.1]
- Applied patch to fix CVE-2012-5519 (privilege escalation for users in SystemGroup or with equivalent polkit permission). This prevents HTTP PUT requests with paths under /admin/conf/ other than that for cupsd.conf, and also prevents such requests altering certain configuration directives such as PageLog and FileDevice (bug #875898).
[1:1.4.2-50]
- Fixed LDAP browsing issues (bug #870386).
[1:1.4.2-49]
- Avoid 'forbidden' error when moving job between queues via web UI (bug #834445).
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
cups
1.3.7-30.el5_9.3
cups-devel
1.3.7-30.el5_9.3
cups-libs
1.3.7-30.el5_9.3
cups-lpd
1.3.7-30.el5_9.3
Oracle Linux x86_64
cups
1.3.7-30.el5_9.3
cups-devel
1.3.7-30.el5_9.3
cups-libs
1.3.7-30.el5_9.3
cups-lpd
1.3.7-30.el5_9.3
Oracle Linux i386
cups
1.3.7-30.el5_9.3
cups-devel
1.3.7-30.el5_9.3
cups-libs
1.3.7-30.el5_9.3
cups-lpd
1.3.7-30.el5_9.3
Oracle Linux 6
Oracle Linux x86_64
cups
1.4.2-50.el6_4.4
cups-devel
1.4.2-50.el6_4.4
cups-libs
1.4.2-50.el6_4.4
cups-lpd
1.4.2-50.el6_4.4
cups-php
1.4.2-50.el6_4.4
Oracle Linux i686
cups
1.4.2-50.el6_4.4
cups-devel
1.4.2-50.el6_4.4
cups-libs
1.4.2-50.el6_4.4
cups-lpd
1.4.2-50.el6_4.4
cups-php
1.4.2-50.el6_4.4
Связанные CVE
Связанные уязвимости
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
CUPS 1.4.4, when running in certain Linux distributions such as Debian ...
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.