ID

VAR-201211-0289

CVE

CVE-2012-5519

TITLE

CUPS In root As an arbitrary file read vulnerability

DESCRIPTION

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. CUPS (Common UNIX Printing System) is prone to a local privilege-escalation vulnerability. A local attacker can potentially exploit this issue to execute arbitrary commands with root privileges. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. There is a vulnerability in CUPS version 1.4.4 running on some Linux distributions, such as Debian GNU/Linux. The vulnerability is caused by storing the network interface administrator primary key under /var/run/cups/certs/0 with certain permissions. This update splits the configuration file /etc/cups/cupsd.conf into two files: cupsd.conf and cups-files.conf. While the first stays configurable via the web interface, the latter can only be configured by the root user. Please see the updated documentation that comes with the new package for more information on these files. For the stable distribution (squeeze), this problem has been fixed in version 1.4.4-7+squeeze2. For the testing distribution (wheezy), this problem has been fixed in version 1.5.3-2.7. For the unstable distribution (sid), this problem has been fixed in version 1.5.3-2.7. We recommend that you upgrade your cups packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201404-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: CUPS: Arbitrary file read/write Date: April 07, 2014 Bugs: #442926 ID: 201404-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability in CUPS may allow for arbitrary file access. Workaround ========== There is no known workaround at this time. Resolution ========== All CUPS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.6.2-r5" References ========== [ 1 ] CVE-2012-5519 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5519 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201404-01.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-06-04-1 OS X Mountain Lion v10.8.4 and Security Update 2013-002 OS X Mountain Lion v10.8.4 and Security Update 2013-002 is now available and addresses the following: CFNetwork Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: An attacker with access to a user's session may be able to log into previously accessed sites, even if Private Browsing was used Description: Permanent cookies were saved after quitting Safari, even when Private Browsing was enabled. This issue was addressed by improved handling of cookies. CVE-ID CVE-2013-0982 : Alexander Traud of www.traud.de CoreAnimation Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: Visiting a maliciously crafted site may lead to an unexpected application termination or arbitrary code execution Description: An unbounded stack allocation issue existed in the handling of text glyphs. This could be triggered by maliciously crafted URLs in Safari. The issue was addressed through improved bounds checking. CVE-ID CVE-2013-0983 : David Fifield of Stanford University, Ben Syverson CoreMedia Playback Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks. CVE-ID CVE-2012-5519 Directory Service Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: A remote attacker may execute arbitrary code with system privileges on systems with Directory Service enabled Description: An issue existed in the directory server's handling of messages from the network. This issue was addressed through improved bounds checking. This issue does not affect OS X Lion or OS X Mountain Lion systems. CVE-ID CVE-2013-0984 : Nicolas Economou of Core Security Disk Management Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: A local user may disable FileVault Description: A local user who is not an administrator may disable FileVault using the command-line. This issue was addressed by adding additional authentication. CVE-ID CVE-2013-0985 OpenSSL Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: An attacker may be able to decrypt data protected by SSL Description: There were known attacks on the confidentiality of TLS 1.0 when compression was enabled. This issue was addressed by disabling compression in OpenSSL. CVE-ID CVE-2012-4929 : Juliano Rizzo and Thai Duong OpenSSL Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Multiple vulnerabilities in OpenSSL Description: OpenSSL was updated to version 0.9.8x to address multiple vulnerabilities, which may lead to denial of service or disclosure of a private key. Further information is available via the OpenSSL website at http://www.openssl.org/news/ CVE-ID CVE-2011-1945 CVE-2011-3207 CVE-2011-3210 CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0050 CVE-2012-2110 CVE-2012-2131 CVE-2012-2333 QuickDraw Manager Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.2 Impact: Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of PICT images. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0975 : Tobias Klein working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of 'enof' atoms. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0986 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of QTIF files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0987 : roob working with iDefense VCP QuickTime Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of FPX files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0988 : G. Geshev working with HP's Zero Day Initiative QuickTime Available for: OS X Mountain Lion v10.8 to v10.8.3 Impact: Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of MP3 files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-0989 : G. Geshev working with HP's Zero Day Initiative Ruby Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8 Impact: Multiple vulnerabilities in Ruby on Rails Description: Multiple vulnerabilities existed in Ruby on Rails, the most serious of which may lead to arbitrary code execution on systems running Ruby on Rails applications. These issues were addressed by updating Ruby on Rails to version 2.3.18. This issue may affect OS X Lion or OS X Mountain Lion systems that were upgraded from Mac OS X 10.6.8 or earlier. Users can update affected gems on such systems by using the /usr/bin/gem utility. CVE-ID CVE-2013-0155 CVE-2013-0276 CVE-2013-0277 CVE-2013-0333 CVE-2013-1854 CVE-2013-1855 CVE-2013-1856 CVE-2013-1857 SMB Available for: OS X Lion v10.7 to v10.7.5, OS X Lion Server v10.7 to v10.7.5, OS X Mountain Lion v10.8 to v10.8.3 Impact: An authenticated user may be able to write files outside the shared directory Description: If SMB file sharing is enabled, an authenticated user may be able to write files outside the shared directory. This issue was addressed through improved access control. CVE-ID CVE-2013-0990 : Ward van Wanrooij Note: Starting with OS X 10.8.4, Java Web Start (i.e. JNLP) applications downloaded from the Internet need to be signed with a Developer ID certificate. Gatekeeper will check downloaded Java Web Start applications for a signature and block such applications from launching if they are not properly signed. Note: OS X Mountain Lion v10.8.4 includes the content of Safari 6.0.5. For further details see "About the security content of Safari 6.0.5" at http://http//support.apple.com/kb/HT5785 OS X Mountain Lion v10.8.4 and Security Update 2013-002 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ The Software Update utility will present the update that applies to your system configuration. Only one is needed, either OS X Mountain Lion v10.8.4, or Security Update 2013-002. For OS X Mountain Lion v10.8.3 The download file is named: OSXUpd10.8.4.dmg Its SHA-1 digest is: 9cf99aa1293cefdac0fb9a24ea133c80f8237b5e For OS X Mountain Lion v10.8 and v10.8.2 The download file is named: OSXUpdCombo10.8.4.dmg Its SHA-1 digest is: 3c95d0c8d0c7f43339a5f4e137e386dd5fe409c3 For OS X Lion v10.7.5 The download file is named: SecUpd2013-002.dmg Its SHA-1 digest is: cfc3bd0941d7c5838aee9e92ee087d78abff3ce7 For OS X Lion Server v10.7.5 The download file is named: SecUpdSrvr2013-002.dmg Its SHA-1 digest is: 34dff575a145e13404e7a2ee8a390d3e7c56fb5e For Mac OS X v10.6.8 The download file is named: SecUpd2013-002.dmg Its SHA-1 digest is: 5da54b38ffb8c147925c3018a8f5bf30ad4ac5b1 For Mac OS X Server v10.6.8 The download file is named: SecUpdSrvr2013-002.dmg Its SHA-1 digest is: b20271f019930fe894c2247a6d5e05f00568b583 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJRrjkiAAoJEPefwLHPlZEwW+AP/0x/cHS3VPY0/a98Xpmdfkdb eo9Ns5FKw6mIkUftrN6qwNAgFXWqQXNIbJ3q8ZnoxcFPakhYyPSp4XowpR79l7kG B2ZrdTx9aIn2bfHZ+h4cE8XnVL8qUDz2RxFopOGbb+wpJxl8/fehDmWokC5wCeF5 N7mnwW2s37QL73BmAMRdi6CYcJCKwhZWGFWmqiNvpFlUP+kcjU/UM1MAzOu0xsiA PD6NrWeUOWfFrcQgx/pspWGvrFyV4FLu+0wQBl9f/DiQNrwVXIr85rHtah+b1NCU pteSxQwb4kRojXdPm4+I3LKoghzGR8xD6+Xl6KdYgReSW89Di4bKM3WpbRLqhRuq 8kv38Gk3/vZDfAnuNQX09dE6EgJ0DVu86SoRQZ1iYRQoLrizVsOvyVQUojZhT47t 6l44L/5cNJd7EcaC8hdmr44cCZdMPDEqoKzn2BavH62WYXbZMPlHBDo/H2ujUUec i7XU7LA1Upw57X4wmIUU4QrlBhNBh39yRKh3katAklayFBjOMEyyL57gURvd6O77 gFOQpUQ6kgqwgQCrtNT6R96igfyu7cVxYW7XchZDHgA3n/YWOAVvXkVeeQ5OUGzC O0UYLMBpPka31yfWP23QaXpV+LW462raI6LnMvRP1245RhokTTThZw6/9xochK2V +VoeoamqaQqZGyOiObbU =vG2v -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-1654-1 December 05, 2012 cups, cupsys vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.10 - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: CUPS could be made to read files or run programs as an administrator. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.10: cups 1.6.1-0ubuntu11.3 Ubuntu 12.04 LTS: cups 1.5.3-0ubuntu5.1 Ubuntu 11.10: cups 1.5.0-8ubuntu7.3 Ubuntu 10.04 LTS: cups 1.4.3-1ubuntu1.9 Ubuntu 8.04 LTS: cupsys 1.3.7-1ubuntu3.16 In general, a standard system update will make all the necessary changes. In certain customized environments, these settings may need to be manually moved to this new file. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security update Advisory ID: RHSA-2013:0580-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-0580.html Issue date: 2013-02-28 CVE Names: CVE-2012-5519 ===================================================================== 1. Summary: Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. It was discovered that CUPS administrative users (members of the SystemGroups groups) who are permitted to perform CUPS configuration changes via the CUPS web interface could manipulate the CUPS configuration to gain unintended privileges. (CVE-2012-5519) After installing this update, the ability to change certain CUPS configuration directives remotely will be disabled by default. The newly introduced ConfigurationChangeRestriction directive can be used to enable the changing of the restricted directives remotely. Refer to Red Hat Bugzilla bug 875898 for more details and the list of restricted directives. All users of cups are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing this update, the cupsd daemon will be restarted automatically. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 875898 - CVE-2012-5519 cups: privilege escalation for users of the CUPS SystemGroup group 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm i386: cups-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-lpd-1.3.7-30.el5_9.3.i386.rpm x86_64: cups-1.3.7-30.el5_9.3.x86_64.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.x86_64.rpm cups-lpd-1.3.7-30.el5_9.3.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm i386: cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-devel-1.3.7-30.el5_9.3.i386.rpm x86_64: cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm cups-devel-1.3.7-30.el5_9.3.i386.rpm cups-devel-1.3.7-30.el5_9.3.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cups-1.3.7-30.el5_9.3.src.rpm i386: cups-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-devel-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-lpd-1.3.7-30.el5_9.3.i386.rpm ia64: cups-1.3.7-30.el5_9.3.ia64.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.ia64.rpm cups-devel-1.3.7-30.el5_9.3.ia64.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.ia64.rpm cups-lpd-1.3.7-30.el5_9.3.ia64.rpm ppc: cups-1.3.7-30.el5_9.3.ppc.rpm cups-debuginfo-1.3.7-30.el5_9.3.ppc.rpm cups-debuginfo-1.3.7-30.el5_9.3.ppc64.rpm cups-devel-1.3.7-30.el5_9.3.ppc.rpm cups-devel-1.3.7-30.el5_9.3.ppc64.rpm cups-libs-1.3.7-30.el5_9.3.ppc.rpm cups-libs-1.3.7-30.el5_9.3.ppc64.rpm cups-lpd-1.3.7-30.el5_9.3.ppc.rpm s390x: cups-1.3.7-30.el5_9.3.s390x.rpm cups-debuginfo-1.3.7-30.el5_9.3.s390.rpm cups-debuginfo-1.3.7-30.el5_9.3.s390x.rpm cups-devel-1.3.7-30.el5_9.3.s390.rpm cups-devel-1.3.7-30.el5_9.3.s390x.rpm cups-libs-1.3.7-30.el5_9.3.s390.rpm cups-libs-1.3.7-30.el5_9.3.s390x.rpm cups-lpd-1.3.7-30.el5_9.3.s390x.rpm x86_64: cups-1.3.7-30.el5_9.3.x86_64.rpm cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm cups-devel-1.3.7-30.el5_9.3.i386.rpm cups-devel-1.3.7-30.el5_9.3.x86_64.rpm cups-libs-1.3.7-30.el5_9.3.i386.rpm cups-libs-1.3.7-30.el5_9.3.x86_64.rpm cups-lpd-1.3.7-30.el5_9.3.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-lpd-1.4.2-50.el6_4.4.i686.rpm x86_64: cups-1.4.2-50.el6_4.4.x86_64.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.x86_64.rpm cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-php-1.4.2-50.el6_4.4.i686.rpm x86_64: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.x86_64.rpm cups-php-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm x86_64: cups-1.4.2-50.el6_4.4.x86_64.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.x86_64.rpm cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm x86_64: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.x86_64.rpm cups-php-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-lpd-1.4.2-50.el6_4.4.i686.rpm ppc64: cups-1.4.2-50.el6_4.4.ppc64.rpm cups-debuginfo-1.4.2-50.el6_4.4.ppc.rpm cups-debuginfo-1.4.2-50.el6_4.4.ppc64.rpm cups-devel-1.4.2-50.el6_4.4.ppc.rpm cups-devel-1.4.2-50.el6_4.4.ppc64.rpm cups-libs-1.4.2-50.el6_4.4.ppc.rpm cups-libs-1.4.2-50.el6_4.4.ppc64.rpm cups-lpd-1.4.2-50.el6_4.4.ppc64.rpm s390x: cups-1.4.2-50.el6_4.4.s390x.rpm cups-debuginfo-1.4.2-50.el6_4.4.s390.rpm cups-debuginfo-1.4.2-50.el6_4.4.s390x.rpm cups-devel-1.4.2-50.el6_4.4.s390.rpm cups-devel-1.4.2-50.el6_4.4.s390x.rpm cups-libs-1.4.2-50.el6_4.4.s390.rpm cups-libs-1.4.2-50.el6_4.4.s390x.rpm cups-lpd-1.4.2-50.el6_4.4.s390x.rpm x86_64: cups-1.4.2-50.el6_4.4.x86_64.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.x86_64.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.x86_64.rpm cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-php-1.4.2-50.el6_4.4.i686.rpm ppc64: cups-debuginfo-1.4.2-50.el6_4.4.ppc64.rpm cups-php-1.4.2-50.el6_4.4.ppc64.rpm s390x: cups-debuginfo-1.4.2-50.el6_4.4.s390x.rpm cups-php-1.4.2-50.el6_4.4.s390x.rpm x86_64: cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-php-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-lpd-1.4.2-50.el6_4.4.i686.rpm x86_64: cups-1.4.2-50.el6_4.4.x86_64.rpm cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-devel-1.4.2-50.el6_4.4.i686.rpm cups-devel-1.4.2-50.el6_4.4.x86_64.rpm cups-libs-1.4.2-50.el6_4.4.i686.rpm cups-libs-1.4.2-50.el6_4.4.x86_64.rpm cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/cups-1.4.2-50.el6_4.4.src.rpm i386: cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm cups-php-1.4.2-50.el6_4.4.i686.rpm x86_64: cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm cups-php-1.4.2-50.el6_4.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-5519.html https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRL6vPXlSAg2UNWIIRAgfRAJ45P5PpTxCh/Af2ihj7wuSv7ACeBQCfcg2V +0Zi945sHm5HZZBwd0qo6UM= =EmrA -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

local

TYPE

permissions and access control issues

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Jann Horn

SOURCES

LAST UPDATE DATE

2024-11-23T19:59:29.425000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE