Univention Bugzilla – Bug 29197
cups: Privilege Escalation (3.1)
Last modified: 2019-04-11 19:24:11 CEST
+++ This bug was initially created as a clone of Bug #29193 +++
Members of the lpadmin group can gain root privileges via the CUPS web interface (CVE-2012-5519)
The group is empty by default, so this should only affect special UCS setups.

The fix provided in http://www.debian.org/security/2013/dsa-2600 is not directly applicable to UCS: it splits some configuration options from /etc/cups/cupsd.conf into a separate cups-files.conf, which can be edited by root. We would need to modify that in the UCR templates, which should rather be done for 3.2.

The patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692791#46 is another alternative; it disallows editing of /etc/cups/cupsd.conf from the web interface (which trashes the setting written from the template, so it's the better fix anyway).
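
An added audit sketch, not part of the bug report and not Univention or Debian code: it checks whether lpadmin has any members and lists the cupsd.conf directives a template change would have to move into cups-files.conf. The function names are hypothetical, and the directive list is an assumption taken from the upstream cups-files.conf documentation, since the report does not enumerate the options.

```shell
#!/bin/sh
# Added audit sketch for the two points raised in the bug report.

# Directives that upstream CUPS documents for cups-files.conf. Assumed list:
# the bug report does not enumerate the options the DSA-2600 fix moves.
FILE_DIRECTIVES='AccessLog|ErrorLog|PageLog|CacheDir|DataDir|DocumentRoot|RequestRoot|ServerBin|ServerRoot|StateDir|TempDir|ConfigFilePerm|LogFilePerm|FileDevice|Printcap|User|Group|SystemGroup'

# Read group(5)-format lines on stdin (e.g. from `getent group lpadmin`)
# and print the members of lpadmin, one per line.
lpadmin_members() {
    awk -F: '$1 == "lpadmin" && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }'
}

# Print each file/path directive set in the given cupsd.conf, i.e. the lines a
# template would have to move to cups-files.conf. CUPS directive names are
# case-insensitive; commented-out lines never match the anchored pattern.
directives_to_move() {
    awk -v re="^(${FILE_DIRECTIVES})\$" \
        'tolower($1) ~ tolower(re) { print $1 }' "$1" | sort -u
}

# Summarise both checks. Returns 1 when lpadmin has members (one of the
# non-default setups the report describes), 0 when the group is empty.
report() {   # $1 = cupsd.conf path; group lines on stdin
    members=$(lpadmin_members | tr '\n' ' ')
    echo "directives to move: $(directives_to_move "$1" | tr '\n' ' ')"
    if [ -n "$members" ]; then
        echo "lpadmin members: $members"
        return 1
    fi
    echo "lpadmin is empty (default)"
    return 0
}

# On a host: sh cups_audit.sh /etc/cups/cupsd.conf
if [ "$#" -gt 0 ]; then
    getent group lpadmin | report "$1"
fi
```
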
The maintenance with bug and security fixes for UCS 3.1-x ended on 31st of May 2014. The maintenance of the UCS 3.x major series is continued by UCS 3.2-x, which is supplied with bug and security fixes. Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.