USN-1265-1: system-config-printer vulnerability
17 November 2011
An attacker could trick system-config-printer into installing altered packages and repositories.
Releases
Packages
- system-config-printer - CUPS integration with HAL
Details
Marc Deslauriers discovered that system-config-printer's cupshelpers
scripts used by the Ubuntu automatic printer driver download service
queried the OpenPrinting database using an insecure connection. If a remote
attacker were able to perform a machine-in-the-middle attack, this flaw could
be exploited to install altered packages and repositories.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.10
Ubuntu 11.04
After a standard system update you need to reboot your computer to make
all the necessary changes.