openSUSE-SU-2018:0618-1

Published: 06 Mar 2018
Source: suse-cvrf

Description

Security update for cups

This update for cups fixes the following issues:

  • CVE-2017-18190: Removed localhost.localdomain from list of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP command execution in conjunction with DNS rebinding. (bsc#1081557)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.3
cups-1.7.5-12.3.1
cups-client-1.7.5-12.3.1
cups-ddk-1.7.5-12.3.1
cups-devel-1.7.5-12.3.1
cups-libs-1.7.5-12.3.1
cups-libs-32bit-1.7.5-12.3.1

Description

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
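The effect of the change on Host header validation, as an added example that is not the CUPS source or part of the original advisory: a simplified model of a loopback allowlist before and after localhost.localdomain is removed. The function names (`host_part`, `in_list`, `valid_host_before`, `valid_host_after`) and the sample header values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Copy the host part of a Host header value, dropping ":port" and a trailing dot. */
static void host_part(const char *hdr, char *out, size_t n)
{
    const char *end;
    size_t len;

    if (hdr[0] == '[') {                      /* IPv6 literal: keep through ']' */
        end = strchr(hdr, ']');
        len = end ? (size_t)(end - hdr) + 1 : strlen(hdr);
    } else {
        end = strchr(hdr, ':');
        len = end ? (size_t)(end - hdr) : strlen(hdr);
    }
    if (len >= n) len = n - 1;
    memcpy(out, hdr, len);
    out[len] = '\0';
    if (len > 0 && out[len - 1] == '.') out[len - 1] = '\0';
}

/* Case-insensitive match of the header's host part against a NULL-terminated list. */
static int in_list(const char *hdr, const char *const *names)
{
    char host[256];
    host_part(hdr, host, sizeof(host));
    for (; *names; names++)
        if (strcasecmp(host, *names) == 0) return 1;
    return 0;
}

/* Before the update: localhost.localdomain is trusted purely by name. */
int valid_host_before(const char *hdr)
{
    static const char *const ok[] = { "localhost", "localhost.localdomain",
                                      "127.0.0.1", "[::1]", NULL };
    return in_list(hdr, ok);
}

/* After the update: the name that may be resolved by a DNS server is gone. */
int valid_host_after(const char *hdr)
{
    static const char *const ok[] = { "localhost", "127.0.0.1", "[::1]", NULL };
    return in_list(hdr, ok);
}

int main(void)
{
    const char *h = "localhost.localdomain:631";   /* constructed sample value */
    printf("before=%d after=%d\n", valid_host_before(h), valid_host_after(h));
    return 0;
}
```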


Affected products
openSUSE Leap 42.3:cups-1.7.5-12.3.1
openSUSE Leap 42.3:cups-client-1.7.5-12.3.1
openSUSE Leap 42.3:cups-ddk-1.7.5-12.3.1
openSUSE Leap 42.3:cups-devel-1.7.5-12.3.1

References