Summary: | <net-print/cups-filters-1.0.66: remove_bad_chars() bypass (CVE-2015-2265) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Andreas K. Hüttel <dilfridge> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | | |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Andreas K. Hüttel
2015-03-04 17:43:47 UTC
I don't see any bug explosion, so let's do it.

Arches please stabilize =net-print/cups-filters-1.0.66
Target: all stable arches

Stable for HPPA.

amd64 stable

x86 stable

arm stable

ia64 stable

ppc stable

ppc64 stable

sparc stable

alpha stable.

Maintainer(s), please cleanup.

Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).

GLSA Vote: No

CVE-2015-2265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2265): The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.