CentOS Local Security Checks : CentOS Update for foomatic CESA-2011:1109 centos5 x86

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.881246

Categoría: CentOS Local Security Checks

Título: CentOS Update for foomatic CESA-2011:1109 centos5 x86_64

Resumen: The remote host is missing an update for the 'foomatic'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'foomatic'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in Perl.

An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the 'lp' user. (CVE-2011-2697)

All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.

Affected Software/OS:
foomatic on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2697
GLSA-201203-07
http://security.gentoo.org/glsa/glsa-201203-07.xml
MDVSA-2011:125
http://www.mandriva.com/security/advisories?name=MDVSA-2011:125
USN-1194-1
http://www.ubuntu.com/usn/USN-1194-1
[oss-security] 20110713 CVE Request: hplip/foomatic-filters
http://www.openwall.com/lists/oss-security/2011/07/13/3
[oss-security] 20110718 Re: CVE Request: hplip/foomatic-filters
http://www.openwall.com/lists/oss-security/2011/07/18/3
[oss-security] 20110728 Re: CVE Request: hplip/foomatic-filters
http://www.openwall.com/lists/oss-security/2011/07/28/1
hplinuxprinting-foomaticriphplip-code-exec(68993)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68993
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.novell.com/show_bug.cgi?id=698451
https://bugzilla.redhat.com/show_bug.cgi?id=721001

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.881246
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for foomatic CESA-2011:1109 centos5 x86_64
Resumen:	The remote host is missing an update for the 'foomatic'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'foomatic' package(s) announced via the referenced advisory. Vulnerability Insight: Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in Perl. An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description (PPD) file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the 'lp' user. (CVE-2011-2697) All foomatic users should upgrade to this updated package, which contains a backported patch to resolve this issue. Affected Software/OS: foomatic on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2697 GLSA-201203-07 http://security.gentoo.org/glsa/glsa-201203-07.xml MDVSA-2011:125 http://www.mandriva.com/security/advisories?name=MDVSA-2011:125 USN-1194-1 http://www.ubuntu.com/usn/USN-1194-1 [oss-security] 20110713 CVE Request: hplip/foomatic-filters http://www.openwall.com/lists/oss-security/2011/07/13/3 [oss-security] 20110718 Re: CVE Request: hplip/foomatic-filters http://www.openwall.com/lists/oss-security/2011/07/18/3 [oss-security] 20110728 Re: CVE Request: hplip/foomatic-filters http://www.openwall.com/lists/oss-security/2011/07/28/1 hplinuxprinting-foomaticriphplip-code-exec(68993) https://exchange.xforce.ibmcloud.com/vulnerabilities/68993 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://bugzilla.novell.com/show_bug.cgi?id=698451 https://bugzilla.redhat.com/show_bug.cgi?id=721001
Copyright	Copyright (C) 2012 Greenbone AG