Synopsis: Moderate: system-config-printer security update
Issue Date: 2011-08-23
CVE Numbers: CVE-2011-2899
—
system-config-printer is a print queue configuration tool with a graphical
user interface.
It was found that system-config-printer did not properly sanitize NetBIOS
and workgroup names when searching for network printers. A remote attacker
could use this flaw to execute arbitrary code with the privileges of the
user running system-config-printer. (CVE-2011-2899)
All users of system-config-printer are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-printer must be restarted for this update to
take effect.
—
SL4
x86_64
system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm
system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm
i386
system-config-printer-0.6.116.10-1.6.el4.i386.rpm
system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm
SL5
x86_64
system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm
system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm
i386
system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm
system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm
– Scientific Linux Development Team
