Mandriva Update For Cups MDVSA-2012:179 (cups) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in cups: CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface (CVE-2012-5519). The updated packages have been patched to correct this issue.

Affected

cups on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Severity

Classification

CVE CVE-2012-5519
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
Mandrake Security Advisory MDVSA-2009:009 (kvm)
Mandrake Security Advisory MDVSA-2009:101 (xpdf)
Mandrake Security Advisory MDVSA-2009:023 (php)
Mandrake Security Advisory MDVSA-2009:036 (python)

Mandriva Update for cups MDVSA-2012:179 (cups)

Take action and discover your vulnerabilities