CVE-2012-4510

Publication date 20 November 2012

Last updated 24 July 2024

Ubuntu priority

Description

cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cups-pk-helper	13.10 saucy	Not affected
	13.04 raring	Not affected
	12.10 quantal	Fixed 0.2.1.2-1ubuntu1.1
	12.04 LTS precise	Fixed 0.2.1.2-1ubuntu0.1
	11.10 oneiric	Fixed 0.1.2-1ubuntu0.1
	11.04 natty	Ignored end of life
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

Notes

seth-arnold

mitigated slightly by polkit requiring admin password

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cups-pk-helper	Vendor: http://www.debian.org/security/2012/dsa-2562 Debdiff: https://bugs.launchpad.net/ubuntu/+source/cups-pk-helper/+bug/1083416