Mandriva Update For Cups MDVSA-2012:179 (cups) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in cups: CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface (CVE-2012-5519). The updated packages have been patched to correct this issue.

Affected

cups on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Severity

Classification

CVE CVE-2012-5519

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:144 (ghostscript)
Mandrake Security Advisory MDVSA-2009:171 (pulseaudio)
Mandrake Security Advisory MDVSA-2009:067 (libsndfile)
Mandrake Security Advisory MDVSA-2009:073 (sarg)
Mandrake Security Advisory MDVSA-2009:149 (apache)

Mandriva Update for cups MDVSA-2012:179 (cups)

Take action and discover your vulnerabilities