CUPS: Leakage of sensitive information — GLSA 200410-06

CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication.

Affected Packages

net-print/cups on all architectures
Affected versions <= 1.1.20-r2, = 1.1.21
Unaffected versions revision >= 1.1.20-r3, >= 1.1.21-r1

Background

The Common UNIX Printing System (CUPS) is a cross-platform print spooler.

Description

When printing to a SMB-shared printer requiring authentication, CUPS leaks the user name and password to a logfile.

Impact

A local user could gain knowledge of sensitive authentication data.

Workaround

There is no known workaround at this time.

Resolution

All CUPS users should upgrade to the latest version:

 # emerge sync

 # emerge -pv ">=net-print/cups-1.1.20-r3"
 # emerge ">=net-print/cups-1.1.20-r3"

References

Release Date
October 09, 2004

Latest Revision
October 09, 2004: 01

Severity
normal

Exploitable
local

Bugzilla entries