cups-pk-helper security vulnerability CVE-2012-4510

Bug #1083416 reported by Jeremy Bícha
Affects                    Status         Importance   Assigned to   Milestone
cups-pk-helper (Ubuntu)    Fix Released   Undecided    Unassigned
  Oneiric                  Fix Released   Undecided    Unassigned
  Precise                  Fix Released   Undecided    Unassigned
  Quantal                  Fix Released   Undecided    Unassigned

Bug Description

cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, before 0.2.3 wrapped CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting specific files with the content of a CUPS resource. The user would have to explicitly approve the action.

Jeremy Bícha (jbicha)
Changed in cups-pk-helper (Ubuntu):
status: New → Fix Released
Jeremy Bícha (jbicha)
Changed in cups-pk-helper (Ubuntu Precise):
status: New → Confirmed
Changed in cups-pk-helper (Ubuntu Quantal):
status: New → Confirmed
Changed in cups-pk-helper (Ubuntu Oneiric):
status: New → Triaged
Changed in cups-pk-helper (Ubuntu Precise):
status: Confirmed → Triaged
Changed in cups-pk-helper (Ubuntu Quantal):
status: Confirmed → Triaged
Jamie Strandboge (jdstrand) wrote :

Thanks for your debdiffs!

The quantal patch should use 0.2.1.2-1ubuntu1.1 as the version per https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. Otherwise it looks great. I'm fixing that and uploading to the security ppa now.

Changed in cups-pk-helper (Ubuntu Quantal):
status: Triaged → Fix Committed
Jamie Strandboge (jdstrand) wrote :

The precise patch should use 0.2.1.2-1ubuntu0.1 as the version per https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. Otherwise it looks great. I'm also fixing that and uploading to the security ppa now.

Changed in cups-pk-helper (Ubuntu Precise):
status: Triaged → Fix Committed
Jamie Strandboge (jdstrand) wrote :

The oneiric patch should use 0.1.2-1ubuntu0.1 as the version per https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. Otherwise it looks great. Once again, I'm fixing that and uploading to the security ppa now.

Changed in cups-pk-helper (Ubuntu Oneiric):
status: Triaged → Fix Committed
Jamie Strandboge (jdstrand) wrote :

Jeremy, can you comment on the testing performed?

Jeremy Bícha (jbicha) wrote :

The only testing I've done is testing that it builds successfully. I don't have any test code to make sure that the patch fixes the vulnerability.

Jamie Strandboge (jdstrand) wrote :

Jeremy, would you be able to at least install the packages and smoke test them?

Jamie Strandboge (jdstrand) wrote :

Incidentally, I am asking for this because the Fedora patch for Oneiric was against a different version and so were the upstream patches used for precise and quantal. I verified the patches against upstream and visually inspected them to make sure they were ok, but all of them applied with offsets. I'd like some confirmation that the package still works.

Jamie Strandboge (jdstrand) wrote :

Pocket copied cups-pk-helper to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
tags: added: sru-verification
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Till Kamppeter (till-kamppeter) wrote :

I have this package already installed for some weeks on my Quantal system as I have -proposed activated. system-config-printer works correctly for me, so there should be no regressions.

tags: added: verification-done
removed: verification-needed
Scott Kitterman (kitterman) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups-pk-helper - 0.2.1.2-1ubuntu0.1

---------------
cups-pk-helper (0.2.1.2-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: CUPS function calls were wrapped insecurely, which
    could be used to upload sensitive data to a CUPS resource, or overwrite
    specific files with the content of a CUPS resource. The user would have
    to explicitly approve the action. (LP: #1083416)
    - CVE-2012-4510
    - debian/patches/CVE-2012-4510-part1.patch: Copied from git
    - debian/patches/CVE-2012-4510-part2.patch: Copied from git
 -- Jeremy Bicha <email address hidden> Mon, 26 Nov 2012 22:34:18 -0500

Changed in cups-pk-helper (Ubuntu Precise):
status: Fix Committed → Fix Released
Scott Kitterman (kitterman) wrote :

Also copied to precise-security, as requested.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups-pk-helper - 0.1.2-1ubuntu0.1

---------------
cups-pk-helper (0.1.2-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: CUPS function calls were wrapped insecurely, which
    could be used to upload sensitive data to a CUPS resource, or overwrite
    specific files with the content of a CUPS resource. The user would have
    to explicitly approve the action. (LP: #1083416)
    - CVE-2012-4510
    - debian/patches/cups-pk-helper-CVE-2012-4510.patch: Copied from Fedora 16
 -- Jeremy Bicha <email address hidden> Mon, 26 Nov 2012 22:39:36 -0500

Changed in cups-pk-helper (Ubuntu Oneiric):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups-pk-helper - 0.2.1.2-1ubuntu1.1

---------------
cups-pk-helper (0.2.1.2-1ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: CUPS function calls were wrapped insecurely, which
    could be used to upload sensitive data to a CUPS resource, or overwrite
    specific files with the content of a CUPS resource. The user would have
    to explicitly approve the action. (LP: #1083416)
    - CVE-2012-4510
    - debian/patches/CVE-2012-4510-part1.patch: Copied from git
    - debian/patches/CVE-2012-4510-part2.patch: Copied from git
 -- Jeremy Bicha <email address hidden> Mon, 26 Nov 2012 22:12:08 -0500

Changed in cups-pk-helper (Ubuntu Quantal):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
