Launchpad.net

CVE 2012-5519

CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.

Related bugs and status

CVE-2012-5519 (Candidate) is related to these bugs:

Bug #1061063: [FFE] Reimplement automatic appearing of CUPS queues broadcasted by a remote CUPS server

		In	Importance	Status
1061063	[FFE] Reimplement automatic appearing of CUPS queues broadcasted by a remote CUPS server	cups (Ubuntu)	Critical	Fix Released
1061063	[FFE] Reimplement automatic appearing of CUPS queues broadcasted by a remote CUPS server	cups (Ubuntu Quantal)	Critical	Fix Released
1061063	[FFE] Reimplement automatic appearing of CUPS queues broadcasted by a remote CUPS server	cups (Ubuntu Raring)	Critical	Fix Released
1061063	[FFE] Reimplement automatic appearing of CUPS queues broadcasted by a remote CUPS server	cups-filters (Ubuntu)	Critical	Fix Released
1061063	[FFE] Reimplement automatic appearing of CUPS queues broadcasted by a remote CUPS server	cups-filters (Ubuntu Quantal)	Undecided	Invalid
1061063	[FFE] Reimplement automatic appearing of CUPS queues broadcasted by a remote CUPS server	cups-filters (Ubuntu Raring)	Critical	Fix Released

Bug #1061069: CUPS 1.6 has major incompatible changes. Do not use CUPS 1.6.1 on stable Ubuntu releases

		In	Importance	Status
1061069	CUPS 1.6 has major incompatible changes. Do not use CUPS 1.6.1 on stable Ubuntu releases	cups (Ubuntu)	Critical	Fix Released
1061069	CUPS 1.6 has major incompatible changes. Do not use CUPS 1.6.1 on stable Ubuntu releases	cups (Suse)	High	Fix Released
1061069	CUPS 1.6 has major incompatible changes. Do not use CUPS 1.6.1 on stable Ubuntu releases	cups (Ubuntu Quantal)	Critical	Fix Released
1061069	CUPS 1.6 has major incompatible changes. Do not use CUPS 1.6.1 on stable Ubuntu releases	cups (Ubuntu Raring)	Critical	Fix Released
1061069	CUPS 1.6 has major incompatible changes. Do not use CUPS 1.6.1 on stable Ubuntu releases	cups-filters (Ubuntu)	Critical	Fix Released
1061069	CUPS 1.6 has major incompatible changes. Do not use CUPS 1.6.1 on stable Ubuntu releases	cups-filters (Ubuntu Quantal)	Undecided	Invalid
1061069	CUPS 1.6 has major incompatible changes. Do not use CUPS 1.6.1 on stable Ubuntu releases	cups-filters (Ubuntu Raring)	Critical	Fix Released

Bug #1086019: cupsd crashes regularly (daily)

		In	Importance	Status
1086019	cupsd crashes regularly (daily)	cups (Ubuntu)	High	Fix Released
1086019	cupsd crashes regularly (daily)	cups (Ubuntu Quantal)	High	Fix Released
1086019	cupsd crashes regularly (daily)	cups-filters (Ubuntu)	High	Fix Released
1086019	cupsd crashes regularly (daily)	cups-filters (Ubuntu Quantal)	Undecided	Invalid

Bug #1088448: Unknown directive SystemGroup

Summary				In	Importance	Status
	1088448	Unknown directive SystemGroup		cups (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-5519

Related bugs and status

Related bugs

References