Scientific Linux alert SL-syst-20110823 (system-config-printer) [LWN.net]


From:
    	       Troy Dawson <dawson@fnal.gov> 
To:
    	       "scientific-linux-errata@fnal.gov" <scientific-linux-errata@fnal.gov> 
Subject:
    	       Security ERRATA Moderate: system-config-printer on SL4.x, SL5.x i386/x86_64 
Date:
    	       Tue, 23 Aug 2011 12:22:17 -0500
Message-ID:
    	       <4E53E1C9.8070300@fnal.gov>
Archive-link:
    	       Article, Thread
              
Synopsis:    Moderate: system-config-printer security update
Issue Date:  2011-08-23
CVE Numbers: CVE-2011-2899


system-config-printer is a print queue configuration tool with a 
graphical user interface.

It was found that system-config-printer did not properly sanitize 
NetBIOS and workgroup names when searching for network printers. A 
remote attacker could use this flaw to execute arbitrary code with the 
privileges of the user running system-config-printer. (CVE-2011-2899)

All users of system-config-printer are advised to upgrade to these 
updated packages, which contain a backported patch to resolve this 
issue. Running instances of system-config-printer must be restarted for 
this update to take effect.

SL4:
   i386
      system-config-printer-0.6.116.10-1.6.el4.i386.rpm
      system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm
   x86_64
      system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm
      system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm
SL5:
   i386
      system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm
      system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm
   x86_64
      system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm
      system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm

- Scientific Linux Development Team
(Log in to post comments)