USN-1654-1: CUPS vulnerability
5 December 2012
CUPS could be made to read files or run programs as an administrator.
It was discovered that users in the lpadmin group could modify certain CUPS
configuration options to escalate privileges. An attacker could use this to
potentially gain root privileges.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.
This update adds the new cups-files.conf configuration file for privileged
CUPS settings. In certain customized environments, these settings may need
to be manually moved to this new file. For more information, please see the
updated documentation installed with this package and inspect the CUPS