| Summary: | <net-print/cups-filters-1.0.52 : remote command injection in cups-browsed (CVE-2014-2707) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | printing |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1083326 | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-04-02 08:32:46 UTC
fixed in >=1.0.51

+ 15 Apr 2014; Andreas K. Huettel <dilfridge@gentoo.org>
+ +cups-filters-1.0.52.ebuild:
+ Version bump, bug 506518

Please test and stabilize 1.0.52

Stable for HPPA.

(In reply to Andreas K. Hüttel from comment #2)
> + 15 Apr 2014; Andreas K. Huettel <dilfridge@gentoo.org>
> + +cups-filters-1.0.52.ebuild:
> + Version bump, bug 506518
>
> Please test and stabilize 1.0.52

Again and again: No, that's wrong for so many reasons. Do something like this instead:

Arch teams, please test and mark stable:
=net-print/cups-filters-1.0.52
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

amd64 stable

Superseded by bug 508844

Sec team, please do with this bug as you please.

CVE-2014-2707 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2707):
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

Fixed by bug 508844

Created NEW GLSA Request

This issue was resolved and addressed in GLSA 201406-16 at http://security.gentoo.org/glsa/glsa-201406-16.xml by GLSA coordinator Mikle Kolyada (Zlogene).