From Mageia wiki
MGASA-2012-0359
Date: | December 11th, 2012 |
Affected releases: | 2 |
Description:
Updated cups packages fix security vulnerability:
CUPS stores the web interface administrator key in /var/run/cups/certs/0
using certain permissions, which allows local users in the lpadmin group
to read or write arbitrary files as root by leveraging the web interface
(CVE-2012-5519).
Updated Packages:
cups-1.5.4-1.mga2
cups-common-1.5.4-1.mga2
cups-serial-1.5.4-1.mga2
lib(64)cups2-1.5.4-1.mga2
lib(64)cups2-devel-1.5.4-1.mga2
php-cups-1.5.4-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5519
http://www.ubuntu.com/usn/usn-1654-1/
https://bugs.mageia.org/show_bug.cgi?id=8318