Mandriva Linux Security Advisory : cups (MDVSA-2013:034)

High Nessus Plugin ID 66048


The remote Mandriva Linux host is missing one or more security updates.


Updated cups packages fixes bugs and security vulnerabilities :

During the process of CUPS socket activation code refactoring in favour of systemd capability a security flaw was found in the way CUPS service honoured Listen localhost:631 cupsd.conf configuration option.
The setting was recognized properly for IPv4-enabled systems, but failed to be correctly applied for IPv6-enabled systems. As a result, a remote attacker could use this flaw to obtain (unauthorized) access to the CUPS web-based administration interface (CVE-2012-6094). The fix for now is to not enable IP-based systemd socket activation by default.

This update adds a patch to correct printing problems with some USB connected printers in cups 1.5.4.

Further, this update should correct possible printing problems with the following printers since the update to cups 1.5.4.

Canon, Inc. PIXMA iP4200 Canon, Inc. PIXMA iP4300 Canon, Inc. MP500 Canon, Inc. MP510 Canon, Inc. MP550 Canon, Inc. MP560 Brother Industries, Ltd, HL-1430 Laser Printer Brother Industries, Ltd, HL-1440 Laser Printer Oki Data Corp. Okipage 14ex Printer Oki Data Corp. B410d Xerox Phaser 3124 All Zebra devices

Additionally, patches have been added to fix printing from newer apple devices and to correct an error in the \%post script which prevented the cups service from starting when freshly installed.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 66048

File Name: mandriva_MDVSA-2013-034.nasl

Version: $Revision: 1.5 $

Type: local

Published: 2013/04/20

Modified: 2016/05/17

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:ND

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:cups, p-cpe:/a:mandriva:linux:cups-common, p-cpe:/a:mandriva:linux:cups-serial, p-cpe:/a:mandriva:linux:lib64cups2, p-cpe:/a:mandriva:linux:lib64cups2-devel, p-cpe:/a:mandriva:linux:php-cups, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/04/05

Reference Information

CVE: CVE-2012-6094

BID: 57158

MDVSA: 2013:034

MGASA: 2013-0004