USN-1265-1: system-config-printer vulnerability

17 November 2011

system-config-printer vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04

Summary

An attacker could trick system-config-printer into installing altered packages and repositories.

Software Description

  • system-config-printer - Python modules for printer configuration with CUPS

Details

Marc Deslauriers discovered that system-config-printer’s cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 11.10
python-cupshelpers - 1.3.6+20110831-0ubuntu9.4
Ubuntu 11.04
python-cupshelpers - 1.3.1+20110222-0ubuntu16.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References