[Sussex] "cups (1.4.4-7+squeeze2) stable-security; urgency=high" terminal message
Fay Zee
sussex at eglug.org.uk
Wed Jan 9 00:41:09 UTC 2013
During yesterday's routine apt-get update / apt-get upgrade I received
the following terminal message:
cups (1.4.4-7+squeeze2) stable-security; urgency=high
In order to mitigate a privilege escalation from the lpadmin to
root
(CVE-2012-5519), the /etc/cups/cupsd.conf configuration file is
split
in two configuration files:
* /etc/cups/cupsd.conf can be edited by members of the lpadmin
group
through the cups web interface;
* /etc/cups/cups-files.conf can only be edited by root;
Many sensitive configuration statements can now only be set in
cups-files.conf. No statements have been moved automatically.
Please
check the respective manpages.
-- Didier Raboud Sat, 29 Dec 2012 12:33:27 +0100
/tmp/tmpn8ZR_9 (END)
I run Debian Squeeze. What action have other members taken?
Best Regards,
Fay
East Grinstead Linux User Group
www.eglug.org.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/sussex/attachments/20130109/3f632a35/attachment.html>
More information about the Sussex
mailing list