dbg111-cups openSUSE 11.1 lppasswd when running setuid or setgid still honors environment variables that specify the location of message files. Local attackers could exploit that to gather information by using crafted format strings (CVE-2010-0393). The previous fix for a use-after-free vulnerability (CVE-2009-3553) was incomplete (CVE-2010-0302). cups-debuginfo-1.3.9-7.8.1.i586.rpm cups-debuginfo-1.3.9-7.8.1.ppc.rpm cups-debuginfo-1.3.9-7.8.1.x86_64.rpm cups-debugsource-1.3.9-7.8.1.i586.rpm cups-debugsource-1.3.9-7.8.1.ppc.rpm cups-debugsource-1.3.9-7.8.1.x86_64.rpm