Mandriva Linux Security Advisory : cups (MDVSA-2013:034)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated cups packages fixes bugs and security vulnerabilities :

During the process of CUPS socket activation code refactoring in
favour of systemd capability a security flaw was found in the way CUPS
service honoured Listen localhost:631 cupsd.conf configuration option.
The setting was recognized properly for IPv4-enabled systems, but
failed to be correctly applied for IPv6-enabled systems. As a result,
a remote attacker could use this flaw to obtain (unauthorized) access
to the CUPS web-based administration interface (CVE-2012-6094). The
fix for now is to not enable IP-based systemd socket activation by
default.

This update adds a patch to correct printing problems with some USB
connected printers in cups 1.5.4.

Further, this update should correct possible printing problems with
the following printers since the update to cups 1.5.4.

Canon, Inc. PIXMA iP4200 Canon, Inc. PIXMA iP4300 Canon, Inc. MP500
Canon, Inc. MP510 Canon, Inc. MP550 Canon, Inc. MP560 Brother
Industries, Ltd, HL-1430 Laser Printer Brother Industries, Ltd,
HL-1440 Laser Printer Oki Data Corp. Okipage 14ex Printer Oki Data
Corp. B410d Xerox Phaser 3124 All Zebra devices

Additionally, patches have been added to fix printing from newer apple
devices and to correct an error in the \%post script which prevented
the cups service from starting when freshly installed.

See also :

https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0244

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66048 ()

Bugtraq ID: 57158

CVE ID: CVE-2012-6094

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now