USN-1265-1: system-config-printer vulnerability

Ubuntu Security Notice USN-1265-1

17th November, 2011

system-config-printer vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 11.10
  • Ubuntu 11.04

Summary

An attacker could trick system-config-printer into installing altered packages and repositories.

Software description

  • system-config-printer - CUPS integration with HAL

Details

Marc Deslauriers discovered that system-config-printer's cupshelpers
scripts used by the Ubuntu automatic printer driver download service
queried the OpenPrinting database using an insecure connection. If a remote
attacker were able to perform a man-in-the-middle attack, this flaw could
be exploited to install altered packages and repositories.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 11.10:
python-cupshelpers 1.3.6+20110831-0ubuntu9.4
Ubuntu 11.04:
python-cupshelpers 1.3.1+20110222-0ubuntu16.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-4405