Synopsis: Moderate: cups security update
Issue Date: 2013-02-28
CVE Numbers: CVE-2012-5519
--
It was discovered that CUPS administrative users (members of the
SystemGroups groups) who are permitted to perform CUPS configuration changes
via the CUPS web interface could manipulate the CUPS configuration to gain
unintended privileges. Such users could read or write arbitrary files with
the privileges of the CUPS daemon, possibly allowing them to run arbitrary
code with root privileges. (CVE-2012-5519)
After installing this update, the ability to change certain CUPS
configuration directives remotely will be disabled by default. The newly
introduced ConfigurationChangeRestriction directive can be used to enable
the changing of the restricted directives remotely.
After installing this update, the cupsd daemon will be restarted
automatically.
--
SL5
x86_64
cups-1.3.7-30.el5_9.3.x86_64.rpm
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-debuginfo-1.3.7-30.el5_9.3.x86_64.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.x86_64.rpm
cups-lpd-1.3.7-30.el5_9.3.x86_64.rpm
cups-devel-1.3.7-30.el5_9.3.i386.rpm
cups-devel-1.3.7-30.el5_9.3.x86_64.rpm
i386
cups-1.3.7-30.el5_9.3.i386.rpm
cups-debuginfo-1.3.7-30.el5_9.3.i386.rpm
cups-libs-1.3.7-30.el5_9.3.i386.rpm
cups-lpd-1.3.7-30.el5_9.3.i386.rpm
cups-devel-1.3.7-30.el5_9.3.i386.rpm
SL6
x86_64
cups-1.4.2-50.el6_4.4.x86_64.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.x86_64.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.x86_64.rpm
cups-lpd-1.4.2-50.el6_4.4.x86_64.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.x86_64.rpm
cups-php-1.4.2-50.el6_4.4.x86_64.rpm
i386
cups-1.4.2-50.el6_4.4.i686.rpm
cups-debuginfo-1.4.2-50.el6_4.4.i686.rpm
cups-libs-1.4.2-50.el6_4.4.i686.rpm
cups-lpd-1.4.2-50.el6_4.4.i686.rpm
cups-devel-1.4.2-50.el6_4.4.i686.rpm
cups-php-1.4.2-50.el6_4.4.i686.rpm
- Scientific Linux Development Team