Synopsis: Moderate: system-config-printer security update
Issue Date: 2011-08-23
CVE Numbers: CVE-2011-2899
system-config-printer is a print queue configuration tool with a
graphical user interface.
It was found that system-config-printer did not properly sanitize
NetBIOS and workgroup names when searching for network printers. A
remote attacker could use this flaw to execute arbitrary code with the
privileges of the user running system-config-printer. (CVE-2011-2899)
All users of system-config-printer are advised to upgrade to these
updated packages, which contain a backported patch to resolve this
issue. Running instances of system-config-printer must be restarted for
this update to take effect.
SL4:
i386
system-config-printer-0.6.116.10-1.6.el4.i386.rpm
system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm
x86_64
system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm
system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm
SL5:
i386
system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm
system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm
x86_64
system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm
system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm
- Scientific Linux Development Team