SynopsisThe remote openSUSE host is missing a security update.
Descriptionlppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393).
The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302).
SolutionUpdate the affected cups packages.