User: Password:
|
|
Subscribe / Log in / New account

Pardus alert 2010-49 (cups)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-49] Cups: Privilege Escalation
Date:  Fri, 9 Apr 2010 10:32:26 +0300 (EEST)
Message-ID:  <20100409073226.66C5BA7AB6D@lider.pardus.org.tr>
Archive-link:  Article, Thread

------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-49 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2010-04-09 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in Cups, which can be exploited by malicious people to gain certain privileges. Description =========== CVE-2010-0393: The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. Affected packages: Pardus 2008: cups, all before 1.3.10-60-13 Resolution ========== There are update(s) for cups. You can update them via Package Manager or with a single command from console: pisi up cups References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=12438 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0393 * https://bugzilla.redhat.com/show_bug.cgi?id=558460 ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list Pardus-security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds