SCIENTIFIC-LINUX-ERRATA Archives

August 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: system-config-printer on SL4.x, SL5.x i386/x86_64
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Tue, 23 Aug 2011 12:22:17 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (35 lines) 
Synopsis:    Moderate: system-config-printer security update
Issue Date:  2011-08-23
CVE Numbers: CVE-2011-2899


system-config-printer is a print queue configuration tool with a 
graphical user interface.

It was found that system-config-printer did not properly sanitize 
NetBIOS and workgroup names when searching for network printers. A 
remote attacker could use this flaw to execute arbitrary code with the 
privileges of the user running system-config-printer. (CVE-2011-2899)

All users of system-config-printer are advised to upgrade to these 
updated packages, which contain a backported patch to resolve this 
issue. Running instances of system-config-printer must be restarted for 
this update to take effect.

SL4:
   i386
      system-config-printer-0.6.116.10-1.6.el4.i386.rpm
      system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm
   x86_64
      system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm
      system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm
SL5:
   i386
      system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm
      system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm
   x86_64
      system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm
      system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2