Red Hat Local Security Checks : RedHat Security Advisory RHSA-2011:1109

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.70025

Kategorie: Red Hat Local Security Checks

Titel: RedHat Security Advisory RHSA-2011:1109

Zusammenfassung: NOSUMMARY

Beschreibung: Description:
The remote host is missing updates announced in
advisory RHSA-2011:1109.

Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in Perl.

An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the lp user. (CVE-2011-2697)

All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2011-1109.html

Risk factor : High

CVSS Score:
6.8

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-2697
http://security.gentoo.org/glsa/glsa-201203-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:125
http://www.openwall.com/lists/oss-security/2011/07/13/3
http://www.openwall.com/lists/oss-security/2011/07/18/3
http://www.openwall.com/lists/oss-security/2011/07/28/1
http://www.ubuntu.com/usn/USN-1194-1
XForce ISS Database: hplinuxprinting-foomaticriphplip-code-exec(68993)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68993

Copyright Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.70025
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2011:1109
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2011:1109. Foomatic is a comprehensive, spooler-independent database of printers, printer drivers, and driver descriptions. The package also includes spooler-independent command line interfaces to manipulate queues and to print files and manipulate print jobs. foomatic-rip is a print filter written in Perl. An input sanitization flaw was found in the foomatic-rip print filter. An attacker could submit a print job with the username, title, or job options set to appear as a command line option that caused the filter to use a specified PostScript printer description (PPD) file, rather than the administrator-set one. This could lead to arbitrary code execution with the privileges of the lp user. (CVE-2011-2697) All foomatic users should upgrade to this updated package, which contains a backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2011-1109.html Risk factor : High CVSS Score: 6.8
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2697 http://security.gentoo.org/glsa/glsa-201203-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:125 http://www.openwall.com/lists/oss-security/2011/07/13/3 http://www.openwall.com/lists/oss-security/2011/07/18/3 http://www.openwall.com/lists/oss-security/2011/07/28/1 http://www.ubuntu.com/usn/USN-1194-1 XForce ISS Database: hplinuxprinting-foomaticriphplip-code-exec(68993) https://exchange.xforce.ibmcloud.com/vulnerabilities/68993
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com