Mandriva Linux Security Advisory : cups (MDVSA-2012:179)
High Nessus Plugin ID 63257
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered and corrected in cups :
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface (CVE-2012-5519).
The updated packages have been patched to correct this issue.
SolutionUpdate the affected packages.