Upstream information

CVE-2012-4510 at MITRE

Description

cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 5.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 783488 [REOPENED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • cups-pk-helper >= 0.2.5-3.75
  • cups-pk-helper-lang >= 0.2.5-3.75
Patchnames:
SUSE Linux Enterprise Desktop 12 GA cups-pk-helper
SUSE Linux Enterprise Desktop 12 SP1
  • cups-pk-helper >= 0.2.5-3.75
  • cups-pk-helper-lang >= 0.2.5-3.75
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA cups-pk-helper
SUSE Linux Enterprise Desktop 12 SP2
  • cups-pk-helper >= 0.2.5-3.75
  • cups-pk-helper-lang >= 0.2.5-3.75
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA cups-pk-helper
SUSE Linux Enterprise Desktop 12 SP3
  • cups-pk-helper >= 0.2.5-5.1
  • cups-pk-helper-lang >= 0.2.5-5.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA cups-pk-helper
SUSE Linux Enterprise Module for Desktop Applications 15
  • cups-pk-helper >= 0.2.6-1.36
  • cups-pk-helper-lang >= 0.2.6-1.36
Patchnames:
SUSE Linux Enterprise Module for Desktop Applications 15 GA cups-pk-helper
SUSE Linux Enterprise Server 11 SP3
  • system-config-printer >= 1.0.8-9.23.44
  • system-config-printer-lang >= 1.0.8-9.23.44
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA system-config-printer
SUSE Linux Enterprise Server 11 SP4
  • system-config-printer >= 1.0.8-9.23.44
  • system-config-printer-lang >= 1.0.8-9.23.44
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA system-config-printer
SUSE Linux Enterprise Server 12
  • cups-pk-helper >= 0.2.5-3.75
  • cups-pk-helper-lang >= 0.2.5-3.75
Patchnames:
SUSE Linux Enterprise Server 12 GA cups-pk-helper
SUSE Linux Enterprise Server 12 SP1
  • cups-pk-helper >= 0.2.5-3.75
  • cups-pk-helper-lang >= 0.2.5-3.75
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA cups-pk-helper
SUSE Linux Enterprise Server 12 SP2
  • cups-pk-helper >= 0.2.5-3.75
  • cups-pk-helper-lang >= 0.2.5-3.75
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA cups-pk-helper
SUSE Linux Enterprise Server 12 SP3
  • cups-pk-helper >= 0.2.5-5.1
  • cups-pk-helper-lang >= 0.2.5-5.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA cups-pk-helper
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • cups-pk-helper >= 0.2.5-3.72
  • cups-pk-helper-lang >= 0.2.5-3.72
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA cups-pk-helper
openSUSE Leap 15.0
  • cups-pk-helper >= 0.2.6-lp150.1.6
  • cups-pk-helper-lang >= 0.2.6-lp150.1.6
Patchnames:
openSUSE Leap 15.0 GA cups-pk-helper
openSUSE Leap 42.1
  • cups-pk-helper >= 0.2.5-5.1
  • cups-pk-helper-lang >= 0.2.5-5.1
Patchnames:
openSUSE Leap 42.1 GA cups-pk-helper
openSUSE Leap 42.2
  • cups-pk-helper >= 0.2.5-6.4
  • cups-pk-helper-lang >= 0.2.5-6.4
Patchnames:
openSUSE Leap 42.2 GA cups-pk-helper
openSUSE Leap 42.3
  • cups-pk-helper >= 0.2.5-9.1
  • cups-pk-helper-lang >= 0.2.5-9.1
Patchnames:
openSUSE Leap 42.3 GA cups-pk-helper
openSUSE Tumbleweed
  • cups-pk-helper >= 0.2.6-1.5
  • cups-pk-helper-lang >= 0.2.6-1.5
Patchnames:
openSUSE Tumbleweed GA cups-pk-helper