|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for foomatic RHSA-2011:1110-01|
|Summary:||The remote host is missing an update for the 'foomatic'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'foomatic'
package(s) announced via the referenced advisory.
Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in C.
An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the 'lp' user. (CVE-2011-2964)
All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.
foomatic on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2011-2964|
XForce ISS Database: foomatic-foomatic-code-execution(68994)
|Copyright||Copyright (c) 2012 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.