1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
Candidate: CVE-2014-2707
PublicDate: 2014-04-17
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2707
http://www.openwall.com/lists/oss-security/2014/04/01/4
http://www.openwall.com/lists/oss-security/2014/04/25/7
http://www.ubuntu.com/usn/usn-2210-1/
Description:
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP
printers to execute arbitrary commands via shell metacharacters in the (1)
model or (2) PDL, related to "System V interface scripts generated for
queues."
Ubuntu-Description:
Notes:
jdstrand> 1.0.51 was an incomplete fix.
mdeslaur> CVE number pending for incomplete fix.
Bugs:
https://bugs.launchpad.net/ubuntu/+source/cups-filters/+bug/1316229
https://bugzilla.novell.com/show_bug.cgi?id=871327
Priority: high
Discovered-by: Sebastian Krahmer
Assigned-to:
Patches_cups-filters:
upstream: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
upstream_cups-filters: released (1.0.53)
lucid_cups-filters: DNE
precise_cups-filters: not-affected
quantal_cups-filters: not-affected
saucy_cups-filters: not-affected (1.0.40-0ubuntu1.1)
trusty_cups-filters: released (1.0.52-0ubuntu1.1)
devel_cups-filters: released (1.0.53-1)
|