From oss-security: cups-pk-helper (versions up to 0.2.2) wraps cupsGetFile/cupsPutFile in an insecure way. Since cups-pk-helper is running as root, this could lead to uploading sensitive data to a cups resource, or overwriting specific files with the content of a cups resource. The flaw is however mitigated by the fact that it cannot be exploited without the user explicitly approving the action (via polkit authentication with the admin password). This has been fixed in cups-pk-helper 0.2.3: http://www.freedesktop.org/software/cups-pk-helper/releases/cups-pk-helper-0.2.3.tar.xz Thanks to Sebastian Krahmer and Alexander Peslyak for their help in reviewing the fix. Reference: CVE-2012-4510 About cups-pk-helper: cups-pk-helper is a PolicyKit helper to configure cups with fine-grained privileges. See http://www.freedesktop.org/wiki/Software/cups-pk-helper
Thanks, fixed in cups-pk-helper-0.2.4. According to the list in bug #427544, it needs to be stabilized for alpha, amd64, arm, and x86. >*cups-pk-helper-0.2.4 (16 Oct 2012) > > 16 Oct 2012; Alexandre Rostovtsev <tetromino@gentoo.org> > -cups-pk-helper-0.2.1.ebuild, cups-pk-helper-0.2.2.ebuild, > +cups-pk-helper-0.2.4.ebuild: > Version bump; fixes a security flaw that allowed users to overwrite system > files (bug #438450, CVE-2012-4510). Update license. Drop old.
Arches, please test and mark stable: =net-print/cups-pk-helper-0.2.4 Target keywords : "alpha amd64 arm x86" alpha is already stable
amd64 stable
arm stable
x86 done, last arch!
Thanks, everyone. GLSA vote: no.
CVE-2012-4510 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4510): cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.
Vote: No. Closing noglsa.
