drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in CUPS
Name: |
Ausführen beliebiger Kommandos in CUPS |
|
ID: |
USN-1654-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 11.10, Ubuntu 12.04 LTS, Ubuntu 12.10 |
|
Datum: |
Do, 6. Dezember 2012, 08:37 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519 |
|
Applikationen: |
Common UNIX Printing System |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --===============6740765048395864156== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enigD071A0242EB4419EA78C4868"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD071A0242EB4419EA78C4868 Content-Type: text/plain; charset=ISO-8859- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1654-1 December 05, 2012
cups, cupsys vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS
Summary:
CUPS could be made to read files or run programs as an administrator.
Software Description: - cups: Common UNIX Printing System(tm) - cupsys: Common UNIX Printing System(tm)
Details:
It was discovered that users in the lpadmin group could modify certain CUPS configuration options to escalate privileges. An attacker could use this to potentially gain root privileges.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.10: cups 1.6.1-0ubuntu11.3
Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu5.1
Ubuntu 11.10: cups 1.5.0-8ubuntu7.3
Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.9
Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.16
In general, a standard system update will make all the necessary changes.
This update adds the new cups-files.conf configuration file for privileged CUPS settings. In certain customized environments, these settings may need to be manually moved to this new file. For more information, please see the updated documentation installed with this package and inspect the CUPS error log.
References: http://www.ubuntu.com/usn/usn-1654-1 CVE-2012-5519
Package Information: https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.3 https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu5.1 https://launchpad.net/ubuntu/+source/cups/1.5.0-8ubuntu7.3 https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.9 https://launchpad.net/ubuntu/+source/cupsys/1.3.7-1ubuntu3.16
--------------enigD071A0242EB4419EA78C4868 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/
iQIcBAEBCgAGBQJQv5WnAAoJEGVp2FWnRL6TH00P/RcefzREAUClWOXDeUh7V6Xj uW/3jFbyoVs6HnaS8OF3/MMBKLqnZioQs/IMzObQLZl6Nac65Iwz4HvHA78j4JtO aIO7nYTGPiqr2iovH/Ccto4W/Z4v7dY+SoDgV4P9NTrBA+vNKQLjbMpRfJYOjfDg 0wxm/9XY50upAYDqebip70BPMhaj5q6HLZzVnNozeFLQAdPRVswzW338YEZ9ferZ HWBemCJuphUUf8j4mfMQ8xRy1oAlNI01Rjc8KObyhP+LD43OnlIXuU3vOXucQSBg YgoJzC2LhTAv9zbbIDuwRpf3TAMbqB117EvgjtVg7vYv1LDemJoC956WCYCzrI3F mFdB/IgRuAdTzJs2UKFpdhDK5w0C6oqebgoEKdlAcvfl0L3rtqRzk04Gcqycg/g9 9ZWPx26YrokpKULTnEB8oH5kfWudETWtIkajCq9j1XWoeWns225pVlH0VuqzpVxX 9wsxQLPUeM5Pm5G8BEp4PPM+nLIsX4hV7fU2vgdNrhxxw9RIDExBxr0rRHzFKx37 iNlpcE6wkVcYOMgO7xZGG1ygruW4Ok5WDnE9aY9Q/lZ0pYowcyxdVtZxn15lBMLR rXVuPiVpEZFD88QLSVGkrLwTodmd1H1m/YpztDRJnQ6k3maG1r1FGLozHOIJoxsy LbqFlnZ52KicMEYszLD+ =lMjq -----END PGP SIGNATURE-----
--------------enigD071A0242EB4419EA78C4868--
--===============6740765048395864156== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6740765048395864156==--
|
|
|
|