From the upstream bug report: cups-browsed fails to properly sanitise data from the network when creating IPP printer scripts. As a result, an attacker can remotely create a script containing arbitrary commands, which will be executed as the "lp" user when the associated printer is used. This is the same vulnerability reported as CVE-2014-2707 but the existing fixes rely on a string sanitisation function remove_bad_chars() which is not effective. Fixed in net-print/cups-filters-1.0.66 (just bumped). Let's wait a day for testing and then stabilize.
I don't see any bug explosion, so let's do it. Arches please stabilize =net-print/cups-filters-1.0.66 Target: all stable arches
Stable for HPPA.
amd64 stable
x86 stable
arm stable
ia64 stable
ppc stable
ppc64 stable
sparc stable
alpha stable. Maintainer(s), please cleanup.
Arches and Maintainer(s), Thank you for your work. GLSA Vote: No Maintainer(s), please drop the vulnerable version(s).
GLSA Vote: No
CVE-2015-2265 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2265): The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
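The CVE text above attributes the bypass to consecutive shell metacharacters. The following added example is not cups-filters code: `flawed_sanitize` is a hypothetical sanitizer constructed to show how a replace-and-skip loop lets the second character of a pair through, `strict_sanitize` is an allow-list alternative that judges every byte on its own, and the model string is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical flawed sanitizer, constructed for illustration (NOT the
 * cups-filters code): after replacing a bad byte it copies the following
 * byte without inspecting it. */
static void flawed_sanitize(const char *in, char *out, size_t outlen)
{
    size_t i = 0, j = 0;
    if (outlen == 0) return;
    while (in[i] != '\0' && j + 1 < outlen) {
        if (isalnum((unsigned char)in[i])) {
            out[j++] = in[i++];
        } else {
            out[j++] = '-';
            i++;
            if (in[i] != '\0' && j + 1 < outlen)
                out[j++] = in[i++];   /* BUG: byte after a bad one is unchecked */
        }
    }
    out[j] = '\0';
}

/* Allow-list sanitizer: anything outside [A-Za-z0-9] becomes '-', and
 * runs of '-' collapse to one. No byte is ever skipped. */
static void strict_sanitize(const char *in, char *out, size_t outlen)
{
    size_t i, j = 0;
    if (outlen == 0) return;
    for (i = 0; in[i] != '\0' && j + 1 < outlen; i++) {
        if (isalnum((unsigned char)in[i])) out[j++] = in[i];
        else if (j == 0 || out[j - 1] != '-') out[j++] = '-';
    }
    out[j] = '\0';
}

/* Returns 1 only if s is safe to embed in a generated script: [A-Za-z0-9-]. */
static int is_clean(const char *s)
{
    for (; *s; s++)
        if (!isalnum((unsigned char)*s) && *s != '-') return 0;
    return 1;
}

int main(void)
{
    char a[32], b[32];
    const char *model = "Acme;;Jet";   /* constructed network-supplied value */
    flawed_sanitize(model, a, sizeof a);
    strict_sanitize(model, b, sizeof b);
    printf("flawed: %s clean=%d\nstrict: %s clean=%d\n", a, is_clean(a), b, is_clean(b));
    return 0;
}
```

Running `is_clean` on the sanitizer's output, as `main` does, is a cheap regression check for this class of bug: it verifies the result rather than trusting the transformation.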