Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 64166 - net-print/foomatic vulnerability
Summary: net-print/foomatic vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal
Assignee: Gentoo Security
URL: http://www.mandrakesoft.com/security/...
Whiteboard: B1 [glsa] lewk
Keywords:
Depends on:
Blocks:
 
Reported: 2004-09-15 12:38 UTC by Luke Macken (RETIRED)
Modified: 2011-10-30 22:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Luke Macken (RETIRED) gentoo-dev 2004-09-15 12:38:17 UTC 
Package name  	printer-drivers
Date 	September 15th, 2004
Advisory ID 	MDKSA-2004:094
Affected versions 	9.2, 10.0
Synopsis 	Updated printer-drivers packages fix vulnerability in foomatic
	

Problem Description

The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of abuse. 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0801
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-09-15 12:39:40 UTC 
printing, please bump to 3.0.2
Comment 2 Luke Macken (RETIRED) gentoo-dev 2004-09-15 12:40:29 UTC 
Ignore the mandrake versions in the Description.
Comment 3 Heinrich Wendel (RETIRED) gentoo-dev 2004-09-16 00:49:34 UTC 
bumped foomatic,foomatic-filters and foomatic-db-engine to 3.0.2, other arches please mark stable
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-09-16 00:57:49 UTC 
Thx lanius. Arches please test and mark stable.
Comment 5 Jochen Maes (RETIRED) gentoo-dev 2004-09-16 01:25:10 UTC 
stable ppc
Comment 6 Jochen Maes (RETIRED) gentoo-dev 2004-09-16 01:25:48 UTC 
forgot to remove ppc
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2004-09-16 07:18:12 UTC 
sparc stable.
Comment 8 Olivier Crete (RETIRED) gentoo-dev 2004-09-16 09:08:34 UTC 
already stable on x86
Comment 9 Bryan Østergaard (RETIRED) gentoo-dev 2004-09-17 02:45:02 UTC 
Stable on alpha.
Comment 10 Danny van Dyk (RETIRED) gentoo-dev 2004-09-19 08:55:25 UTC 
stable on amd64
Comment 11 SpanKY gentoo-dev 2004-09-19 19:35:21 UTC 
hppa/ia64 stable now
Comment 12 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-09-20 06:20:37 UTC 
Updating severity.
Comment 13 Joshua J. Berry (CondorDes) (RETIRED) gentoo-dev 2004-09-20 08:02:07 UTC 
GLSA 200409-24.
Comment 14 Joshua Kinard gentoo-dev 2004-09-22 00:59:09 UTC 
stable on mips.
Comment 15 Tom Gall (RETIRED) gentoo-dev 2004-10-09 16:32:24 UTC 
stable on ppc64, thanks!