USN-1265-1: system-config-printer vulnerability

Publication date

17 November 2011

Overview

An attacker could trick system-config-printer into installing altered packages and repositories.


Packages

Details

Marc Deslauriers discovered that system-config-printer’s cupshelpers
scripts used by the Ubuntu automatic printer driver download service
queried the OpenPrinting database using an insecure connection. If a remote
attacker were able to perform a machine-in-the-middle attack, this flaw could
be exploited to install altered packages and repositories.

Marc Deslauriers discovered that system-config-printer’s cupshelpers
scripts used by the Ubuntu automatic printer driver download service
queried the OpenPrinting database using an insecure connection. If a remote
attacker were able to perform a machine-in-the-middle attack, this flaw could
be exploited to install altered packages and repositories.

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
11.10 oneiric python-cupshelpers –  1.3.6+20110831-0ubuntu9.4
11.04 natty python-cupshelpers –  1.3.1+20110222-0ubuntu16.5

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›