CVE-2014-2707

Priority
High
Description
cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP
printers to execute arbitrary commands via shell metacharacters in the (1)
model or (2) PDL, related to "System V interface scripts generated for
queues."
References
Bugs
Notes
jdstrand> 1.0.51 was an incomplete fix.
mdeslaur> CVE number pending for incomplete fix.
Package
Upstream:released (1.0.53)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected (1.0.40-0ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.52-0ubuntu1.1)
Ubuntu 14.10 (Utopic Unicorn):released (1.0.53-1)
Patches:
Upstream:http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
More Information

Valid XHTML 1.0 Strict

Updated: 2014-06-26 22:14:39 UTC (commit 8182)