2015-03-03
ALT-BU-2015-2332-1
Branch sisyphus update bulletin.
Package cups-filters updated to version 1.0.66-alt1 for branch sisyphus in task 141275.
Closed vulnerabilities
Published: 2015-03-24
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-2265
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
Severity: HIGH (7.5)
References:
- http://advisories.mageia.org/MGASA-2015-0132.html
- http://advisories.mageia.org/MGASA-2015-0132.html
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333
- openSUSE-SU-2015:1244
- openSUSE-SU-2015:1244
- MDVSA-2015:196
- MDVSA-2015:196
- USN-2532-1
- USN-2532-1
- https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
- https://bugs.linuxfoundation.org/show_bug.cgi?id=1265