CentOS Local Security Checks : CentOS Update for foomatic CESA-2011:1109 centos4 x86

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.881351

Kategorie: CentOS Local Security Checks

Titel: CentOS Update for foomatic CESA-2011:1109 centos4 x86_64

Zusammenfassung: The remote host is missing an update for the 'foomatic'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'foomatic'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in Perl.

An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the 'lp' user. (CVE-2011-2697)

All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.

Affected Software/OS:
foomatic on CentOS 4

Solution:
Please install the updated packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-2697
GLSA-201203-07
http://security.gentoo.org/glsa/glsa-201203-07.xml
MDVSA-2011:125
http://www.mandriva.com/security/advisories?name=MDVSA-2011:125
USN-1194-1
http://www.ubuntu.com/usn/USN-1194-1
[oss-security] 20110713 CVE Request: hplip/foomatic-filters
http://www.openwall.com/lists/oss-security/2011/07/13/3
[oss-security] 20110718 Re: CVE Request: hplip/foomatic-filters
http://www.openwall.com/lists/oss-security/2011/07/18/3
[oss-security] 20110728 Re: CVE Request: hplip/foomatic-filters
http://www.openwall.com/lists/oss-security/2011/07/28/1
hplinuxprinting-foomaticriphplip-code-exec(68993)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68993
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
https://bugzilla.novell.com/show_bug.cgi?id=698451
https://bugzilla.redhat.com/show_bug.cgi?id=721001

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.881351
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for foomatic CESA-2011:1109 centos4 x86_64
Zusammenfassung:	The remote host is missing an update for the 'foomatic'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'foomatic' package(s) announced via the referenced advisory. Vulnerability Insight: Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in Perl. An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description (PPD) file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the 'lp' user. (CVE-2011-2697) All foomatic users should upgrade to this updated package, which contains a backported patch to resolve this issue. Affected Software/OS: foomatic on CentOS 4 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2697 GLSA-201203-07 http://security.gentoo.org/glsa/glsa-201203-07.xml MDVSA-2011:125 http://www.mandriva.com/security/advisories?name=MDVSA-2011:125 USN-1194-1 http://www.ubuntu.com/usn/USN-1194-1 [oss-security] 20110713 CVE Request: hplip/foomatic-filters http://www.openwall.com/lists/oss-security/2011/07/13/3 [oss-security] 20110718 Re: CVE Request: hplip/foomatic-filters http://www.openwall.com/lists/oss-security/2011/07/18/3 [oss-security] 20110728 Re: CVE Request: hplip/foomatic-filters http://www.openwall.com/lists/oss-security/2011/07/28/1 hplinuxprinting-foomaticriphplip-code-exec(68993) https://exchange.xforce.ibmcloud.com/vulnerabilities/68993 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://bugzilla.novell.com/show_bug.cgi?id=698451 https://bugzilla.redhat.com/show_bug.cgi?id=721001
Copyright	Copyright (C) 2012 Greenbone AG