http://www.cups.org/ shows that 1.7.1 fixes this:
http://www.cups.org/str.php?L4319
It's not entirely clear if the CVE-2013-6891 mentioned in that bug is for this issue.
This should affect us since our lppasswd binary is setuid. This is the case in Mageia 3 as well.
Whiteboard: (none) => MGA3TOO
Blocks: (none) => 11726
Ubuntu has issued an advisory for this on January 15: http://www.ubuntu.com/usn/usn-2082-1/ It appears the CVE reference is correct.
URL: (none) => http://lwn.net/Vulnerabilities/580763/
Summary: cups new security issue in lppasswd fixed upstream in 1.7.1 => cups new security issue in lppasswd fixed upstream in 1.7.1 (CVE-2013-6891)
Fixed with cups-1.5.4-9.1.mga3. Fixed in Cauldron, needs to be submitted.
CC: (none) => oe
cups-1.7.0-5.mga4 uploaded for Cauldron.
Assigning Mageia 3 update to QA.

Advisory:
========================
Updated cups packages fix security vulnerability:

Jann Horn discovered that the CUPS lppasswd tool incorrectly read a user configuration file in certain configurations. A local attacker could use this to read sensitive information from certain files, bypassing access restrictions (CVE-2013-6891).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6891
http://www.cups.org/str.php?L4319
http://www.ubuntu.com/usn/usn-2082-1/
========================

Updated packages in core/updates_testing:
========================
cups-1.5.4-9.1.mga3
cups-common-1.5.4-9.1.mga3
cups-serial-1.5.4-9.1.mga3
libcups2-1.5.4-9.1.mga3
libcups2-devel-1.5.4-9.1.mga3
php-cups-1.5.4-9.1.mga3

from cups-1.5.4-9.1.mga3.src.rpm

Version: Cauldron => 3
Blocks: 11726 => (none)
Assignee: thierry.vignaud => qa-bugs
Whiteboard: MGA3TOO => (none)
Severity: normal => major
No PoC on Securityfocus. Installed update mga3-32, printed an email which printed as expected.
CC: (none) => wrw105
Whiteboard: (none) => mga3-32-ok
Installed update mga3-64, which prints to the mga3-32 box. Printed a LibreOffice document, all OK. Ready to validate when advisory is uploaded to svn.
Whiteboard: mga3-32-ok => mga3-32-ok mga3-64-OK
Advisory uploaded. Validating. Could sysadmin please push from 3 core/updates_testing to updates? Thanks
Keywords: (none) => validated_update
Whiteboard: mga3-32-ok mga3-64-OK => advisory has_procedure mga3-32-ok mga3-64-OK
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0021.html
Status: NEW => RESOLVED
CC: (none) => tmb
CVE: (none) => CVE-2013-6891
Resolution: (none) => FIXED