cups-pk-helper security vulnerability CVE-2012-4510
Bug #1083416 reported by
Jeremy Bícha
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cups-pk-helper (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Oneiric |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, before 0.2.3 wrapped CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting specific files with the content of a CUPS resource. The user would have to explicitly approve the action.
CVE References
Changed in cups-pk-helper (Ubuntu): | |
status: | New → Fix Released |
Changed in cups-pk-helper (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in cups-pk-helper (Ubuntu Quantal): | |
status: | New → Confirmed |
Changed in cups-pk-helper (Ubuntu Oneiric): | |
status: | New → Triaged |
Changed in cups-pk-helper (Ubuntu Precise): | |
status: | Confirmed → Triaged |
Changed in cups-pk-helper (Ubuntu Quantal): | |
status: | Confirmed → Triaged |
To post a comment you must log in.
Thanks for your debdiffs!
The quantal patch should use 0.2.1.2-1ubuntu1.1 as the version per https:/ /wiki.ubuntu. com/SecurityTea m/UpdatePrepara tion#Packaging. Otherwise it looks great. I'm fixing that and uploading to the security ppa now.