USN-1265-1: system-config-printer vulnerability
Ubuntu Security Notice USN-1265-1
17th November, 2011
system-config-printer vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary
An attacker could trick system-config-printer into installing altered packages and repositories.
Software description
- system-config-printer - CUPS integration with HAL
Details
Marc Deslauriers discovered that system-config-printer's cupshelpers
scripts used by the Ubuntu automatic printer driver download service
queried the OpenPrinting database using an insecure connection. If a remote
attacker were able to perform a man-in-the-middle attack, this flaw could
be exploited to install altered packages and repositories.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 11.10:
- python-cupshelpers 1.3.6+20110831-0ubuntu9.4
- Ubuntu 11.04:
- python-cupshelpers 1.3.1+20110222-0ubuntu16.5
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.