2016-06-21
ALT-BU-2016-2844-2
Branch sisyphus update bulletin.
Package cups-filters updated to version 1.9.0-alt1 for branch sisyphus in task 166165.
Closed vulnerabilities
Published: 2016-01-18
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2016-00006
Уязвимость фильтра печати Foomatic и операционной системы Ubuntu, позволяющая нарушителю выполнить произвольные команды
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2015-12-17
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-8327
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html
- http://rhn.redhat.com/errata/RHSA-2016-0491.html
- http://www.debian.org/security/2015/dsa-3411
- http://www.debian.org/security/2015/dsa-3429
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/78524
- http://www.ubuntu.com/usn/USN-2831-1
- http://www.ubuntu.com/usn/USN-2831-2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886
- https://lists.debian.org/debian-printing/2015/11/msg00020.html
- https://lists.debian.org/debian-printing/2015/12/msg00001.html
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00065.html
- http://rhn.redhat.com/errata/RHSA-2016-0491.html
- http://www.debian.org/security/2015/dsa-3411
- http://www.debian.org/security/2015/dsa-3429
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/78524
- http://www.ubuntu.com/usn/USN-2831-1
- http://www.ubuntu.com/usn/USN-2831-2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886
- https://lists.debian.org/debian-printing/2015/11/msg00020.html
- https://lists.debian.org/debian-printing/2015/12/msg00001.html
Published: 2016-04-14
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2015-8560
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (7.3)Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
- http://rhn.redhat.com/errata/RHSA-2016-0491.html
- http://www.debian.org/security/2015/dsa-3419
- http://www.debian.org/security/2015/dsa-3429
- http://www.openwall.com/lists/oss-security/2015/12/13/2
- http://www.openwall.com/lists/oss-security/2015/12/14/13
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.ubuntu.com/usn/USN-2838-1
- http://www.ubuntu.com/usn/USN-2838-2
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
- http://rhn.redhat.com/errata/RHSA-2016-0491.html
- http://www.debian.org/security/2015/dsa-3419
- http://www.debian.org/security/2015/dsa-3429
- http://www.openwall.com/lists/oss-security/2015/12/13/2
- http://www.openwall.com/lists/oss-security/2015/12/14/13
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.ubuntu.com/usn/USN-2838-1
- http://www.ubuntu.com/usn/USN-2838-2
Closed vulnerabilities
Published: 2023-07-20
Modified: 2023-09-20
Modified: 2023-09-20
BDU:2023-03806
Уязвимость компонента os_unix.c системы управления базами данных SQLite, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Severity: MEDIUM (5.9)Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2016-09-26
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-6153
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: MEDIUM (5.9)Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/07/01/1
- http://www.openwall.com/lists/oss-security/2016/07/01/2
- http://www.securityfocus.com/bid/91546
- http://www.sqlite.org/cgi/src/info/67985761aa93fb61
- https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
- https://usn.ubuntu.com/4019-1/
- https://usn.ubuntu.com/4019-2/
- https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
- https://www.sqlite.org/releaselog/3_13_0.html
- https://www.tenable.com/security/tns-2016-20
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00053.html
- http://www.openwall.com/lists/oss-security/2016/07/01/1
- http://www.openwall.com/lists/oss-security/2016/07/01/2
- http://www.securityfocus.com/bid/91546
- http://www.sqlite.org/cgi/src/info/67985761aa93fb61
- https://lists.debian.org/debian-lts-announce/2023/05/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGQTH7V45QVHFDXJAEECHEO3HHD644WZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/
- https://usn.ubuntu.com/4019-1/
- https://usn.ubuntu.com/4019-2/
- https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
- https://www.sqlite.org/releaselog/3_13_0.html
- https://www.tenable.com/security/tns-2016-20