system security update

2011-08-29 10:20:22
CentOS Project
lists.centos.org

CVSS2: 5.1
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS: 0.005
Percentile: 77.1%

CentOS Errata and Security Advisory CESA-2011:1196

system-config-printer is a print queue configuration tool with a graphical
user interface.

It was found that system-config-printer did not properly sanitize NetBIOS
and workgroup names when searching for network printers. A remote attacker
could use this flaw to execute arbitrary code with the privileges of the
user running system-config-printer. (CVE-2011-2899)

All users of system-config-printer are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-printer must be restarted for this update to
take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2011-August/079866.html
https://lists.centos.org/pipermail/centos-announce/2011-August/079867.html
https://lists.centos.org/pipermail/centos-announce/2011-September/080153.html
https://lists.centos.org/pipermail/centos-announce/2011-September/080154.html
https://lists.centos.org/pipermail/centos-cr-announce/2011-September/026482.html
https://lists.centos.org/pipermail/centos-cr-announce/2011-September/026483.html

Affected packages:
system-config-printer
system-config-printer-gui
system-config-printer-libs

Upstream details at:
https://access.redhat.com/errata/RHSA-2011:1196
