|
|
Log in / Subscribe / Register

cups-filters: remote command execution

Package(s):cups-filters CVE #(s):CVE-2015-2265
Created:March 16, 2015 Updated:April 7, 2015
Description: From the Red Hat bugzilla:

It was reported that cups-browsed fails to properly sanitize data from the network when creating IPP printer scripts. As a result, an attacker can remotely create a script containing arbitrary commands, which will be executed as the "lp" user when the associated printer is used.

This is the same vulnerability reported as CVE-2014-2707 but the existing fixes rely on a string sanitization function remove_bad_chars() which is not effective.

Alerts:
openSUSE openSUSE-SU-2015:1244-1 cups-filters 2015-07-14
Mandriva MDVSA-2015:196 cups-filters 2015-04-07
Mageia MGASA-2015-0132 cups-filters 2015-04-04
Ubuntu USN-2532-1 cups-filters 2015-03-16
Fedora FEDORA-2015-3036 cups-filters 2015-03-13
Fedora FEDORA-2015-3003 cups-filters 2015-03-13
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds