LISTSERV - SCIENTIFIC-LINUX-ERRATA Archives

SCIENTIFIC-LINUX-ERRATA Archives

August 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-ERRATA Home
	SCIENTIFIC-LINUX-ERRATA August 2011

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Security ERRATA Moderate: foomatic on SL4.x, SL5.x i386/x86_64
From:	Troy Dawson <[log in to unmask]>
Reply To:	Troy Dawson <[log in to unmask]>
Date:	Tue, 2 Aug 2011 11:10:22 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (34 lines)

Synopsis:    Moderate: foomatic security update
Issue Date:  2011-08-01
CVE Numbers: CVE-2011-2697


Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in Perl.

An input sanitization flaw was found in the foomatic-rip print filter. 
An attacker could submit a print job with the username, title, or job 
options set to appear as a command line option that caused the filter to 
use a specified PostScript printer description (PPD) file, rather than 
the administrator-set one. This could lead to arbitrary code execution 
with the privileges of the "lp" user. (CVE-2011-2697)

All foomatic users should upgrade to this updated package, which 
contains a backported patch to resolve this issue.

SL4:
   i386
      foomatic-3.0.2-3.2.el4.i386.rpm
   x86_64
      foomatic-3.0.2-3.2.el4.x86_64.rpm
SL5:
   i386
      foomatic-3.0.2-38.3.el5_7.1.i386.rpm
   x86_64
      foomatic-3.0.2-38.3.el5_7.1.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV