Moderate Update for System-Config-Printer on Scientific Linux 4 & 5

Date: Tue, 23 Aug 2011 12:22:17 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Moderate: system-config-printer on SL4.x,
 SL5.x i386/x86_64
Comments: To: "This email address is being protected from spambots. You need JavaScript enabled to view it."
 
MIME-Version: 1.0

Synopsis: Moderate: system-config-printer security update
Issue Date: 2011-08-23
CVE Numbers: CVE-2011-2899

system-config-printer is a print queue configuration tool with a
graphical user interface.

It was found that system-config-printer did not properly sanitize
NetBIOS and workgroup names when searching for network printers. A
remote attacker could use this flaw to execute arbitrary code with the
privileges of the user running system-config-printer. (CVE-2011-2899)

All users of system-config-printer are advised to upgrade to these
updated packages, which contain a backported patch to resolve this
issue. Running instances of system-config-printer must be restarted for
this update to take effect.

SL4:
 i386
 system-config-printer-0.6.116.10-1.6.el4.i386.rpm
 system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm
 x86_64
 system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm
 system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm
SL5:
 i386
 system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm
 system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm
 x86_64
 system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm
 system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm

- Scientific Linux Development Team