openSUSE Security Update: system-config-printer
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1331-1
Rating:             moderate
References:         #733542 #735322
Cross-References:   CVE-2011-2899 CVE-2011-4405
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

system-config-printer used an unauthenticated connection when
downloading printer drivers from openprinting.org (CVE-2011-4405).
This update disables the printer driver download feature.

system-config-printer did not properly quote shell meta characters
in SMB server or workgroup names when passing them to the shell
(CVE-2011-2899).

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.4:

  zypper in -t patch python-cupshelpers-5530

- openSUSE 11.3:

  zypper in -t patch python-cupshelpers-5530

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE 11.4 (i586 x86_64):

  python-cupshelpers-1.2.5-5.8.1
  system-config-printer-1.2.5-5.8.1
  udev-configure-printer-1.2.5-5.8.1

- openSUSE 11.4 (noarch):

  system-config-printer-lang-1.2.5-5.8.1

- openSUSE 11.3 (i586 x86_64):

  python-cupshelpers-1.2.0-2.5.1
  system-config-printer-1.2.0-2.5.1
  udev-configure-printer-1.2.0-2.5.1

- openSUSE 11.3 (noarch):

  system-config-printer-lang-1.2.0-2.5.1

References:

http://support.novell.com/security/cve/CVE-2011-2899.html
http://support.novell.com/security/cve/CVE-2011-4405.html
https://bugzilla.novell.com/733542
https://bugzilla.novell.com/735322