exploitDog

SUSE-SU-2016:0112-1

Опубликовано: 13 янв. 2016

Источник: suse-cvrf

Описание

Security update for foomatic-filters

This update fixes the following security issues:

CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531).

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3

foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Desktop 11 SP4

foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server 11 SP3

foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server 11 SP3-TERADATA

foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server 11 SP4

foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server for SAP Applications 11 SP3

foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

foomatic-filters-3.0.2-269.39.1

Ссылки

https://www.suse.com/support/update/announcement/2016/suse-su-20160112-1/
Link for SUSE-SU-2016:0112-1
https://lists.suse.com/pipermail/sle-security-updates/2016-January/001799.html
E-Mail link for SUSE-SU-2016:0112-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/957531
SUSE Bug 957531
https://www.suse.com/security/cve/CVE-2015-8327/
SUSE CVE CVE-2015-8327 page
https://www.suse.com/security/cve/CVE-2015-8560/
SUSE CVE CVE-2015-8560 page

Описание

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

Затронутые продукты

SUSE Linux Enterprise Desktop 11 SP3:foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Desktop 11 SP4:foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server 11 SP3:foomatic-filters-3.0.2-269.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-8327.html
CVE-2015-8327
https://bugzilla.suse.com/1027197
SUSE Bug 1027197
https://bugzilla.suse.com/957531
SUSE Bug 957531

Описание

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.

Затронутые продукты

SUSE Linux Enterprise Desktop 11 SP3:foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Desktop 11 SP4:foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:foomatic-filters-3.0.2-269.39.1

SUSE Linux Enterprise Server 11 SP3:foomatic-filters-3.0.2-269.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-8560.html
CVE-2015-8560
https://bugzilla.suse.com/1027197
SUSE Bug 1027197
https://bugzilla.suse.com/957531
SUSE Bug 957531

Уязвимость SUSE-SU-2016:0112-1