aru Posted September 20, 2005 Share Posted September 20, 2005 Mandriva Security Advisories MDKSA-2005:165 : cups Updated cups packages fix vulnerability September 19th, 2005 A vulnerability in CUPS would treat a Location directive in cupsd.conf as case-sensitive, allowing attackers to bypass intended ACLs via a printer name containing uppercase or lowecase letters that are different from that which was specified in the Location directive. This issue only affects versions of CUPS prior to 1.1.21rc1. The updated packages have been patched to correct this problem. The released versions of Mandriva GNU/Linux affected are: 10.0 CS2.1 CS3.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2005:165 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2154 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.14 2005/05/15 18:06:11 aru Exp aru $) Link to comment Share on other sites More sharing options...
Recommended Posts