Detections
Analytics

Mandriva Linux Security Advisory : cups (MDVSA-2013:034)

high Nessus Plugin ID 66048

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated cups packages fixes bugs and security vulnerabilities :

During the process of CUPS socket activation code refactoring in favour of systemd capability a security flaw was found in the way CUPS service honoured Listen localhost:631 cupsd.conf configuration option.
The setting was recognized properly for IPv4-enabled systems, but failed to be correctly applied for IPv6-enabled systems. As a result, a remote attacker could use this flaw to obtain (unauthorized) access to the CUPS web-based administration interface (CVE-2012-6094). The fix for now is to not enable IP-based systemd socket activation by default.

This update adds a patch to correct printing problems with some USB connected printers in cups 1.5.4.

Further, this update should correct possible printing problems with the following printers since the update to cups 1.5.4.

Canon, Inc. PIXMA iP4200 Canon, Inc. PIXMA iP4300 Canon, Inc. MP500 Canon, Inc. MP510 Canon, Inc. MP550 Canon, Inc. MP560 Brother Industries, Ltd, HL-1430 Laser Printer Brother Industries, Ltd, HL-1440 Laser Printer Oki Data Corp. Okipage 14ex Printer Oki Data Corp. B410d Xerox Phaser 3124 All Zebra devices

Additionally, patches have been added to fix printing from newer apple devices and to correct an error in the \%post script which prevented the cups service from starting when freshly installed.

Solution

Update the affected packages.

See Also

https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0244

Plugin Details

Severity: High

ID: 66048

File Name: mandriva_MDVSA-2013-034.nasl

Version: 1.8

Type: local

Published: 4/20/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:cups, p-cpe:/a:mandriva:linux:cups-common, p-cpe:/a:mandriva:linux:cups-serial, p-cpe:/a:mandriva:linux:lib64cups2, p-cpe:/a:mandriva:linux:lib64cups2-devel, p-cpe:/a:mandriva:linux:php-cups, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/5/2013

Reference Information

CVE: CVE-2012-6094

BID: 57158

MDVSA: 2013:034

MGASA: 2013-0004