Skip to navigation

Security Advisory Moderate: system-config-printer security update

Advisory: RHSA-2011:1196-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-08-23
Last updated on: 2011-08-23
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-2899

Details

Updated system-config-printer packages that fix one security issue are now
available for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

system-config-printer is a print queue configuration tool with a graphical
user interface.

It was found that system-config-printer did not properly sanitize NetBIOS
and workgroup names when searching for network printers. A remote attacker
could use this flaw to execute arbitrary code with the privileges of the
user running system-config-printer. (CVE-2011-2899)

All users of system-config-printer are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-printer must be restarted for this update to
take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
system-config-printer-0.6.116.10-1.6.el4.src.rpm     MD5: 941d4d966ed48be0863b41951d38e560
SHA-256: 19551fb5c019e381d053463a096d6b55767f1446fb28eae0065534c72e48c205
 
IA-32:
system-config-printer-0.6.116.10-1.6.el4.i386.rpm     MD5: 917ee426098a3c0771497a38b0bffb2f
SHA-256: e3c18bf7148396e5bba61344d0712af136b2ddf5a182166da49a3256c26f0c62
system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm     MD5: bd6e6d581a9ce737b4eea3c17d55bd47
SHA-256: 00673f1400ea4d7365376d196c377e48a342bcf30bae044c79d12e4bcfea397c
 
x86_64:
system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm     MD5: 2797d601113a10fabc307d857a4fc93a
SHA-256: 03b0e4ea2be2abbaa8db6f5bc29c1832022087a5566f7fd2304024884383f8e1
system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm     MD5: 8df2d77af24e4b3b4ae9d8b98edf9904
SHA-256: c778268fb12a5f2f19c750dbd2a866364680e5a7c660634fcb6603d504000a29
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
system-config-printer-0.7.32.10-1.el5_7.1.src.rpm
File outdated by:  RHBA-2013:0051
    MD5: 291a7a15d906aef88b9ae80506b500b7
SHA-256: 86eb46d60bf0810e496bfdaa641ca50eed5bc829ad10b93118b759c4b8406f57
 
IA-32:
system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm
File outdated by:  RHBA-2013:0051
    MD5: 5b6f511b9f74868f2b5c34a0e1283a92
SHA-256: 3b0b1db98952b33b3c7a7a60da864e346ac1ae6e52cf9823436d365e5916aa76
system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm
File outdated by:  RHBA-2013:0051
    MD5: 9e427ef19ff35d144a7103ca80e8c2f9
SHA-256: 4fe23cba4855f834b08b4da0f9be0211365d9b45cc3eff0503aa777e57f5747c
 
IA-64:
system-config-printer-0.7.32.10-1.el5_7.1.ia64.rpm
File outdated by:  RHBA-2013:0051
    MD5: dc79264d2303153ad52c507bf007b34c
SHA-256: 2b4acda438272e5656c2f577000213cc1e9b3f3406df304e93c42cc60870589a
system-config-printer-libs-0.7.32.10-1.el5_7.1.ia64.rpm
File outdated by:  RHBA-2013:0051
    MD5: 6182f65a89c6da470ef78ab90bd084ad
SHA-256: 4c8355de0916d2fb4f119c456d816b613b9ccb2cc512f39d4e765da3102c44a6
 
PPC:
system-config-printer-0.7.32.10-1.el5_7.1.ppc.rpm
File outdated by:  RHBA-2013:0051
    MD5: 33356bd3078edad0bea0688608076a3b
SHA-256: 8a72adc023c36c26ae5ec6efd497294e31d6a6f330ad649843bad44b3de76abd
system-config-printer-libs-0.7.32.10-1.el5_7.1.ppc.rpm
File outdated by:  RHBA-2013:0051
    MD5: 432f300e8a51a8f8d68abc006752ab34
SHA-256: d9f554b5d90facb170876f8c5fefa783b0832be2a43c436fde047864a07a4290
 
s390x:
system-config-printer-0.7.32.10-1.el5_7.1.s390x.rpm
File outdated by:  RHBA-2013:0051
    MD5: a41d19404dc2b0c935e791adbfd1bd43
SHA-256: b47f65b35db52f5d6b08b881deb7658b54f44976776f1c8798ab2b4697c05417
system-config-printer-libs-0.7.32.10-1.el5_7.1.s390x.rpm
File outdated by:  RHBA-2013:0051
    MD5: c863bfcdeceba8ac85899b49b2b8a8b1
SHA-256: bbf635215a492915ab79f6e7fece3f0ce43dd77ca6a0692733d0a5fdbbfbef95
 
x86_64:
system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm
File outdated by:  RHBA-2013:0051
    MD5: 7cb8a4ef5c72d24e479237a7435a168e
SHA-256: c7c126e410ea339f47615c63bfd1833465af71c779078ee4ea9a559b46d3c022
system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm
File outdated by:  RHBA-2013:0051
    MD5: 1bddf11c1c697a0bd10b057478d59dc8
SHA-256: 0b456145aea46096ea2e9b1a88815bdbf91a5c821dfdc1312fc3c5346b87851f
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
system-config-printer-0.6.116.10-1.6.el4.src.rpm     MD5: 941d4d966ed48be0863b41951d38e560
SHA-256: 19551fb5c019e381d053463a096d6b55767f1446fb28eae0065534c72e48c205
 
IA-32:
system-config-printer-0.6.116.10-1.6.el4.i386.rpm     MD5: 917ee426098a3c0771497a38b0bffb2f
SHA-256: e3c18bf7148396e5bba61344d0712af136b2ddf5a182166da49a3256c26f0c62
system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm     MD5: bd6e6d581a9ce737b4eea3c17d55bd47
SHA-256: 00673f1400ea4d7365376d196c377e48a342bcf30bae044c79d12e4bcfea397c
 
IA-64:
system-config-printer-0.6.116.10-1.6.el4.ia64.rpm     MD5: 02375be0c0900b024da45b5b8ac43be1
SHA-256: 3f520089e194a1f1db53f5c332349b28e663d25e63fac255f5993790b868f87a
system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm     MD5: facfc0c04c5494aed9c1f4253b3e7e71
SHA-256: 3a31e9698af3a53205d3d64609115b7b0ef52d64c932b5fd12aba0d24599bba3
 
PPC:
system-config-printer-0.6.116.10-1.6.el4.ppc.rpm     MD5: bb73499275f4ee6d6f10986c2a5a231a
SHA-256: 8e7fbacbc1c0e9110e2307cae08ade8247337954bbc57ddffca80160b7a663d9
system-config-printer-gui-0.6.116.10-1.6.el4.ppc.rpm     MD5: f952fda4dcde0f9f5d94fbcb310ce447
SHA-256: 1dae4aafb94b071af5c23c1bfb5282d77bb5d287bfd03e2fabe145a7b6f4704d
 
s390:
system-config-printer-0.6.116.10-1.6.el4.s390.rpm     MD5: c967c64ff796a14aa42063535162b786
SHA-256: 9bfad2a81b8352a20a7ce73643da2aa31a3a3e587bdc3b92f74b48879a4bf38d
system-config-printer-gui-0.6.116.10-1.6.el4.s390.rpm     MD5: 04ba3b12c929d25bdae3238e720bffe7
SHA-256: c2860f5f318f3c041530edf9b220bbfa8e603949f796485ac56e5b560990eb0c
 
s390x:
system-config-printer-0.6.116.10-1.6.el4.s390x.rpm     MD5: 779d7a8528196974343ee9bca53bfddf
SHA-256: b649428f2a8b5abab58a25f52a0712b86bd614a8266e4bae6f11b180be773e1b
system-config-printer-gui-0.6.116.10-1.6.el4.s390x.rpm     MD5: 83e357b2096c430fb83edfa819664e97
SHA-256: 13988757d8ce93628b151c9745e47f2f6f336639eccab95c73178e5eb9f1e770
 
x86_64:
system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm     MD5: 2797d601113a10fabc307d857a4fc93a
SHA-256: 03b0e4ea2be2abbaa8db6f5bc29c1832022087a5566f7fd2304024884383f8e1
system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm     MD5: 8df2d77af24e4b3b4ae9d8b98edf9904
SHA-256: c778268fb12a5f2f19c750dbd2a866364680e5a7c660634fcb6603d504000a29
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
system-config-printer-0.7.32.10-1.el5_7.1.src.rpm
File outdated by:  RHBA-2013:0051
    MD5: 291a7a15d906aef88b9ae80506b500b7
SHA-256: 86eb46d60bf0810e496bfdaa641ca50eed5bc829ad10b93118b759c4b8406f57
 
IA-32:
system-config-printer-0.7.32.10-1.el5_7.1.i386.rpm
File outdated by:  RHBA-2013:0051
    MD5: 5b6f511b9f74868f2b5c34a0e1283a92
SHA-256: 3b0b1db98952b33b3c7a7a60da864e346ac1ae6e52cf9823436d365e5916aa76
system-config-printer-libs-0.7.32.10-1.el5_7.1.i386.rpm
File outdated by:  RHBA-2013:0051
    MD5: 9e427ef19ff35d144a7103ca80e8c2f9
SHA-256: 4fe23cba4855f834b08b4da0f9be0211365d9b45cc3eff0503aa777e57f5747c
 
x86_64:
system-config-printer-0.7.32.10-1.el5_7.1.x86_64.rpm
File outdated by:  RHBA-2013:0051
    MD5: 7cb8a4ef5c72d24e479237a7435a168e
SHA-256: c7c126e410ea339f47615c63bfd1833465af71c779078ee4ea9a559b46d3c022
system-config-printer-libs-0.7.32.10-1.el5_7.1.x86_64.rpm
File outdated by:  RHBA-2013:0051
    MD5: 1bddf11c1c697a0bd10b057478d59dc8
SHA-256: 0b456145aea46096ea2e9b1a88815bdbf91a5c821dfdc1312fc3c5346b87851f
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
system-config-printer-0.6.116.10-1.6.el4.src.rpm     MD5: 941d4d966ed48be0863b41951d38e560
SHA-256: 19551fb5c019e381d053463a096d6b55767f1446fb28eae0065534c72e48c205
 
IA-32:
system-config-printer-0.6.116.10-1.6.el4.i386.rpm     MD5: 917ee426098a3c0771497a38b0bffb2f
SHA-256: e3c18bf7148396e5bba61344d0712af136b2ddf5a182166da49a3256c26f0c62
system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm     MD5: bd6e6d581a9ce737b4eea3c17d55bd47
SHA-256: 00673f1400ea4d7365376d196c377e48a342bcf30bae044c79d12e4bcfea397c
 
IA-64:
system-config-printer-0.6.116.10-1.6.el4.ia64.rpm     MD5: 02375be0c0900b024da45b5b8ac43be1
SHA-256: 3f520089e194a1f1db53f5c332349b28e663d25e63fac255f5993790b868f87a
system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm     MD5: facfc0c04c5494aed9c1f4253b3e7e71
SHA-256: 3a31e9698af3a53205d3d64609115b7b0ef52d64c932b5fd12aba0d24599bba3
 
x86_64:
system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm     MD5: 2797d601113a10fabc307d857a4fc93a
SHA-256: 03b0e4ea2be2abbaa8db6f5bc29c1832022087a5566f7fd2304024884383f8e1
system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm     MD5: 8df2d77af24e4b3b4ae9d8b98edf9904
SHA-256: c778268fb12a5f2f19c750dbd2a866364680e5a7c660634fcb6603d504000a29
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
system-config-printer-0.6.116.10-1.6.el4.src.rpm     MD5: 941d4d966ed48be0863b41951d38e560
SHA-256: 19551fb5c019e381d053463a096d6b55767f1446fb28eae0065534c72e48c205
 
IA-32:
system-config-printer-0.6.116.10-1.6.el4.i386.rpm     MD5: 917ee426098a3c0771497a38b0bffb2f
SHA-256: e3c18bf7148396e5bba61344d0712af136b2ddf5a182166da49a3256c26f0c62
system-config-printer-gui-0.6.116.10-1.6.el4.i386.rpm     MD5: bd6e6d581a9ce737b4eea3c17d55bd47
SHA-256: 00673f1400ea4d7365376d196c377e48a342bcf30bae044c79d12e4bcfea397c
 
IA-64:
system-config-printer-0.6.116.10-1.6.el4.ia64.rpm     MD5: 02375be0c0900b024da45b5b8ac43be1
SHA-256: 3f520089e194a1f1db53f5c332349b28e663d25e63fac255f5993790b868f87a
system-config-printer-gui-0.6.116.10-1.6.el4.ia64.rpm     MD5: facfc0c04c5494aed9c1f4253b3e7e71
SHA-256: 3a31e9698af3a53205d3d64609115b7b0ef52d64c932b5fd12aba0d24599bba3
 
x86_64:
system-config-printer-0.6.116.10-1.6.el4.x86_64.rpm     MD5: 2797d601113a10fabc307d857a4fc93a
SHA-256: 03b0e4ea2be2abbaa8db6f5bc29c1832022087a5566f7fd2304024884383f8e1
system-config-printer-gui-0.6.116.10-1.6.el4.x86_64.rpm     MD5: 8df2d77af24e4b3b4ae9d8b98edf9904
SHA-256: c778268fb12a5f2f19c750dbd2a866364680e5a7c660634fcb6603d504000a29
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

728348 - CVE-2011-2899 system-config-printer: possible arbitrary code execution in pysmb.py due to improper escaping of hostnames


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/