Описание
Security update for cups-filters
cups-filters was updated to fix one security issue.
This security issue was fixed:
- CVE-2015-2265: Remote command execution in remove_bad_chars() (bnc#921753).
This non-security issue was fixed:
- LSB compliance of foomatic-rip (bnc#915545).
Список пакетов
SUSE Linux Enterprise Desktop 12
cups-filters-1.0.58-5.1
cups-filters-cups-browsed-1.0.58-5.1
cups-filters-foomatic-rip-1.0.58-5.1
cups-filters-ghostscript-1.0.58-5.1
SUSE Linux Enterprise Server 12
cups-filters-1.0.58-5.1
cups-filters-cups-browsed-1.0.58-5.1
cups-filters-foomatic-rip-1.0.58-5.1
cups-filters-ghostscript-1.0.58-5.1
SUSE Linux Enterprise Server for SAP Applications 12
cups-filters-1.0.58-5.1
cups-filters-cups-browsed-1.0.58-5.1
cups-filters-foomatic-rip-1.0.58-5.1
cups-filters-ghostscript-1.0.58-5.1
Ссылки
- Link for SUSE-SU-2015:0805-1
- E-Mail link for SUSE-SU-2015:0805-1
- SUSE Security Ratings
- SUSE Bug 915545
- SUSE Bug 921753
- SUSE CVE CVE-2015-2265 page
Описание
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:cups-filters-1.0.58-5.1
SUSE Linux Enterprise Desktop 12:cups-filters-cups-browsed-1.0.58-5.1
SUSE Linux Enterprise Desktop 12:cups-filters-foomatic-rip-1.0.58-5.1
SUSE Linux Enterprise Desktop 12:cups-filters-ghostscript-1.0.58-5.1
Ссылки
- CVE-2015-2265
- SUSE Bug 921753
- SUSE Bug 937018