Debian has issued an advisory on October 23: http://www.debian.org/security/2012/dsa-2562 Updated package uploaded for Cauldron; patched package uploaded for Mageia 2. Advisory: ======================== Updated cups-pk-helper package fixes security vulnerability: cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting specific files with the content of a CUPS resource. The user would have to explicitly approve the action (CVE-2012-4510). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4510 http://www.debian.org/security/2012/dsa-2562 ======================== Updated packages in core/updates_testing: ======================== cups-pk-helper-0.2.1-1.1.mga2 from cups-pk-helper-0.2.1-1.1.mga2.src.rpm
No public poc that I've been able to find. As /usr/lib64/cups-pk-helper-mechanism handles the dbus changes for printers, for testing, just ensuring system-config-printer can disable and enable a printer. Testing shortly.
CC: (none) => davidwhodgins
Testing complete on Mageia 2 i586 and x86-64. Could someone from the sysadmin team push the srpm cups-pk-helper-0.2.1-1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates. Advisory: Updated cups-pk-helper package fixes security vulnerability: cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting specific files with the content of a CUPS resource. The user would have to explicitly approve the action (CVE-2012-4510). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4510 http://www.debian.org/security/2012/dsa-2562 https://bugs.mageia.org/show_bug.cgi?id=7895
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: (none) => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0310
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED