Описание
Security update for foomatic-filters
This update fixes the following security issues:
CVE-2015-8327: adds backtick and semicolon to the list of illegal shell escape characters (bsc#957531). CVE-2015-8560: fixed code execution via improper escaping of ; (bsc#957531).
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
Ссылки
- Link for SUSE-SU-2016:0112-1
- E-Mail link for SUSE-SU-2016:0112-1
- SUSE Security Ratings
- SUSE Bug 957531
- SUSE CVE CVE-2015-8327 page
- SUSE CVE CVE-2015-8560 page
Описание
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
Затронутые продукты
Ссылки
- CVE-2015-8327
- SUSE Bug 1027197
- SUSE Bug 957531
Описание
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327.
Затронутые продукты
Ссылки
- CVE-2015-8560
- SUSE Bug 1027197
- SUSE Bug 957531