system-config-printer security update (CVE-2011-4405, CVE-2011-2899)
This update fixes a typo from the previous update:
system-config-printer used an unauthenticated connection
when downloading printer drivers from openprinting.org
(CVE-2011-4405). This update disables the printer driver
download feature.
system-config-printer did not properly quote shell meta
characters in SMB server or workgroup names when passing
them to the shell (CVE-2011-2899).
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5604
Fixed bugs
bnc#733542
VUL-0: CVE-2011-4405: system-config-printer: possible MITM due to use of insecure connections
bnc#735322
VUL-0: CVE-2011-2899: system-config-printer: improper escaping of hostnames
