MDVSA-2012:179

Nom du paquet

cups

Date

2012-12-12

Advisory ID

MDVSA-2012:179

Affected versions

MES5 i586 , 2011 i586 , MES5 x86_64 , 2011 x86_64

Problem description

A vulnerability was discovered and corrected in cups:

CUPS 1.4.4, when running in certain Linux distributions such as
Debian GNU/Linux, stores the web interface administrator key in
/var/run/cups/certs/0 using certain permissions, which allows local
users in the lpadmin group to read or write arbitrary files as root
by leveraging the web interface (CVE-2012-5519).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 7a7947b4348b46d88771c86d71bf93a8  mes5/i586/cups-1.3.10-0.6mdvmes5.2.i586.rpm
 6be2cef2bb36f325fd2f39c382c691b5  mes5/i586/cups-common-1.3.10-0.6mdvmes5.2.i586.rpm
 7797b6be2eda38cbe9b02aafdcf4382d  mes5/i586/cups-serial-1.3.10-0.6mdvmes5.2.i586.rpm
 341ec5bea5633ff702737e0bc41e866a  mes5/i586/libcups2-1.3.10-0.6mdvmes5.2.i586.rpm
 73c5dedc648f96b4cc596aae5a91d888  mes5/i586/libcups2-devel-1.3.10-0.6mdvmes5.2.i586.rpm
 f4f93fb5602887b9d89d6f9824170d96  mes5/i586/php-cups-1.3.10-0.6mdvmes5.2.i586.rpm 
 25d5330e8744ddd498da35eb63d9c423  mes5/SRPMS/cups-1.3.10-0.6mdvmes5.2.src.rpm

2011 i586

 621faa1bcabbfe6c820f34d323b15ed6  2011/i586/cups-1.4.8-2.2-mdv2011.0.i586.rpm
 67c994f6deab1ec43abfc03bc469fde3  2011/i586/cups-common-1.4.8-2.2-mdv2011.0.i586.rpm
 0eb1e071e924b8fbcba7782c861d0faa  2011/i586/cups-serial-1.4.8-2.2-mdv2011.0.i586.rpm
 d82bafdbffa2843e8c87f44ff38f09bd  2011/i586/libcups2-1.4.8-2.2-mdv2011.0.i586.rpm
 b91e9da16dc9d1dbc69ad8a32c591609  2011/i586/libcups2-devel-1.4.8-2.2-mdv2011.0.i586.rpm
 76d0886860017257283b49f07948c8a2  2011/i586/php-cups-1.4.8-2.2-mdv2011.0.i586.rpm 
 15055e0d0e17ea5189cf29590e535c95  2011/SRPMS/cups-1.4.8-2.2.src.rpm

MES5 x86_64

 4245234df94e9a8b3b2b5cea86c84b9f  mes5/x86_64/cups-1.3.10-0.6mdvmes5.2.x86_64.rpm
 ba51ee8a0d66e4241da0728aaabd9ec2  mes5/x86_64/cups-common-1.3.10-0.6mdvmes5.2.x86_64.rpm
 5e0b48292098166e884cd4e39b68211e  mes5/x86_64/cups-serial-1.3.10-0.6mdvmes5.2.x86_64.rpm
 b6259d9d194e3f2944ccb691d331109e  mes5/x86_64/lib64cups2-1.3.10-0.6mdvmes5.2.x86_64.rpm
 9a631b030200ffad1f6765d07b63faad  mes5/x86_64/lib64cups2-devel-1.3.10-0.6mdvmes5.2.x86_64.rpm
 b575b13ff39b05c14922702bec3acfcc  mes5/x86_64/php-cups-1.3.10-0.6mdvmes5.2.x86_64.rpm 
 25d5330e8744ddd498da35eb63d9c423  mes5/SRPMS/cups-1.3.10-0.6mdvmes5.2.src.rpm

2011 x86_64

 63a3439642483ba8b58964b050440eb7  2011/x86_64/cups-1.4.8-2.2-mdv2011.0.x86_64.rpm
 667e8c1b429aa470a25cce5bcaa58a81  2011/x86_64/cups-common-1.4.8-2.2-mdv2011.0.x86_64.rpm
 2acfd14c74298e32bca2c2d63f50078b  2011/x86_64/cups-serial-1.4.8-2.2-mdv2011.0.x86_64.rpm
 124d5cba345b9f712b123a9e426629a2  2011/x86_64/lib64cups2-1.4.8-2.2-mdv2011.0.x86_64.rpm
 4c427f6d8051690096192651701d63cc  2011/x86_64/lib64cups2-devel-1.4.8-2.2-mdv2011.0.x86_64.rpm
 cf9ef4e6d1e4c5902915e51ab6443778  2011/x86_64/php-cups-1.4.8-2.2-mdv2011.0.x86_64.rpm 
 15055e0d0e17ea5189cf29590e535c95  2011/SRPMS/cups-1.4.8-2.2.src.rpm

References

• http://www.cups.org/str.php?L4223
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519