Home / mailings [USN-1654-1] CUPS vulnerability
Posted on 05 December 2012
Ubuntu Security==========================
==========================
========================
Ubuntu Security Notice USN-1654-1
December 05, 2012
cups, cupsys vulnerability
==========================
==========================
========================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
CUPS could be made to read files or run programs as an administrator.
Software Description:
- cups: Common UNIX Printing System(tm)
- cupsys: Common UNIX Printing System(tm)
Details:
It was discovered that users in the lpadmin group could modify certain CU=
PS
configuration options to escalate privileges. An attacker could use this =
to
potentially gain root privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.10:
cups 1.6.1-0ubuntu11.3
Ubuntu 12.04 LTS:
cups 1.5.3-0ubuntu5.1
Ubuntu 11.10:
cups 1.5.0-8ubuntu7.3
Ubuntu 10.04 LTS:
cups 1.4.3-1ubuntu1.9
Ubuntu 8.04 LTS:
cupsys 1.3.7-1ubuntu3.16
In general, a standard system update will make all the necessary changes.=
This update adds the new cups-files.conf configuration file for privilege=
d
CUPS settings. In certain customized environments, these settings may nee=
d
to be manually moved to this new file. For more information, please see t=
he
updated documentation installed with this package and inspect the CUPS
error log.
References:
http://www.ubuntu.com/usn/usn-1654-1
CVE-2012-5519
Package Information:
https://launchpad.net/ubuntu/+source/cups/1.6.1-0ubuntu11.3
https://launchpad.net/ubuntu/+source/cups/1.5.3-0ubuntu5.1
https://launchpad.net/ubuntu/+source/cups/1.5.0-8ubuntu7.3
https://launchpad.net/ubuntu/+source/cups/1.4.3-1ubuntu1.9
https://launchpad.net/ubuntu/+source/cupsys/1.3.7-1ubuntu3.16
------------
