Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in CUPS
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in CUPS
ID: USN-1654-1
Distribution: Ubuntu
Plattformen: Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10
Datum: Do, 6. Dezember 2012, 08:37
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
Applikationen: Common UNIX Printing System

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============6740765048395864156==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigD071A0242EB4419EA78C4868"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigD071A0242EB4419EA78C4868
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1654-1
December 05, 2012

cups, cupsys vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

CUPS could be made to read files or run programs as an administrator.

Software Description:
- cups: Common UNIX Printing System(tm)
- cupsys: Common UNIX Printing System(tm)

Details:

It was discovered that users in the lpadmin group could modify certain CUPS
configuration options to escalate privileges. An attacker could use this to
potentially gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
cups 1.6.1-0ubuntu11.3

Ubuntu 12.04 LTS:
cups 1.5.3-0ubuntu5.1

Ubuntu 11.10:
cups 1.5.0-8ubuntu7.3

Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.9

Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.16

In general, a standard system update will make all the necessary changes.

This update adds the new cups-files.conf configuration file for privileged
CUPS settings. In certain customized environments, these settings may need
to be manually moved to this new file. For more information, please see the
updated documentation installed with this package and inspect the CUPS
error log.

References:
http://www.ubuntu.com/usn/usn-1654-1
CVE-2012-5519

Package Information:
https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.3
https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu5.1
https://launchpad.net/ubuntu/+source/cups/1.5.0-8ubuntu7.3
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.9
https://launchpad.net/ubuntu/+source/cupsys/1.3.7-1ubuntu3.16



--------------enigD071A0242EB4419EA78C4868
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQv5WnAAoJEGVp2FWnRL6TH00P/RcefzREAUClWOXDeUh7V6Xj
uW/3jFbyoVs6HnaS8OF3/MMBKLqnZioQs/IMzObQLZl6Nac65Iwz4HvHA78j4JtO
aIO7nYTGPiqr2iovH/Ccto4W/Z4v7dY+SoDgV4P9NTrBA+vNKQLjbMpRfJYOjfDg
0wxm/9XY50upAYDqebip70BPMhaj5q6HLZzVnNozeFLQAdPRVswzW338YEZ9ferZ
HWBemCJuphUUf8j4mfMQ8xRy1oAlNI01Rjc8KObyhP+LD43OnlIXuU3vOXucQSBg
YgoJzC2LhTAv9zbbIDuwRpf3TAMbqB117EvgjtVg7vYv1LDemJoC956WCYCzrI3F
mFdB/IgRuAdTzJs2UKFpdhDK5w0C6oqebgoEKdlAcvfl0L3rtqRzk04Gcqycg/g9
9ZWPx26YrokpKULTnEB8oH5kfWudETWtIkajCq9j1XWoeWns225pVlH0VuqzpVxX
9wsxQLPUeM5Pm5G8BEp4PPM+nLIsX4hV7fU2vgdNrhxxw9RIDExBxr0rRHzFKx37
iNlpcE6wkVcYOMgO7xZGG1ygruW4Ok5WDnE9aY9Q/lZ0pYowcyxdVtZxn15lBMLR
rXVuPiVpEZFD88QLSVGkrLwTodmd1H1m/YpztDRJnQ6k3maG1r1FGLozHOIJoxsy
LbqFlnZ52KicMEYszLD+
=lMjq
-----END PGP SIGNATURE-----

--------------enigD071A0242EB4419EA78C4868--


--===============6740765048395864156==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6740765048395864156==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung