Mandriva Linux Security Advisory : cups (MDVSA-2013:034)
High Nessus Plugin ID 66048
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated cups packages fixes bugs and security vulnerabilities :
During the process of CUPS socket activation code refactoring in favour of systemd capability a security flaw was found in the way CUPS service honoured Listen localhost:631 cupsd.conf configuration option.
The setting was recognized properly for IPv4-enabled systems, but failed to be correctly applied for IPv6-enabled systems. As a result, a remote attacker could use this flaw to obtain (unauthorized) access to the CUPS web-based administration interface (CVE-2012-6094). The fix for now is to not enable IP-based systemd socket activation by default.
This update adds a patch to correct printing problems with some USB connected printers in cups 1.5.4.
Further, this update should correct possible printing problems with the following printers since the update to cups 1.5.4.
Canon, Inc. PIXMA iP4200 Canon, Inc. PIXMA iP4300 Canon, Inc. MP500 Canon, Inc. MP510 Canon, Inc. MP550 Canon, Inc. MP560 Brother Industries, Ltd, HL-1430 Laser Printer Brother Industries, Ltd, HL-1440 Laser Printer Oki Data Corp. Okipage 14ex Printer Oki Data Corp. B410d Xerox Phaser 3124 All Zebra devices
Additionally, patches have been added to fix printing from newer apple devices and to correct an error in the \%post script which prevented the cups service from starting when freshly installed.
SolutionUpdate the affected packages.