PublicDateAtUSN: 2015-12-02
Candidate: CVE-2015-8327
PublicDate: 2015-12-17 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8327
 https://ubuntu.com/security/notices/USN-2831-2
 https://ubuntu.com/security/notices/USN-2831-1
Description:
 Incomplete blacklist vulnerability in util.c in foomatic-rip in
 cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x
 allows remote attackers to execute arbitrary commands via ` (backtick)
 characters in a print job.
Ubuntu-Description:
Notes:
 tyhicks> Per Debian, introduced in cups-filters 1.0.42 and foomatic-filters 4.0-20090301
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806886
Priority: medium
Discovered-by: Michal Kowalczyk
Assigned-to: mdeslaur
CVSS:

Patches_foomatic-filters:
upstream_foomatic-filters: needed
precise_foomatic-filters: released (4.0.16-0ubuntu0.3)
trusty_foomatic-filters: released (4.0.17-1+deb7u1ubuntu0.14.04.1)
trusty/esm_foomatic-filters: DNE (trusty was released [4.0.17-1+deb7u1ubuntu0.14.04.1])
vivid_foomatic-filters: ignored (reached end-of-life)
vivid/stable-phone-overlay_foomatic-filters: DNE
vivid/ubuntu-core_foomatic-filters: DNE
wily_foomatic-filters: ignored (reached end-of-life)
xenial_foomatic-filters: not-affected (4.0.17-7)
devel_foomatic-filters: not-affected (4.0.17-7)

Patches_cups-filters:
 upstream: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406
upstream_cups-filters: released (1.2.0-1)
precise_cups-filters: not-affected (1.0.18-0ubuntu0.4)
trusty_cups-filters: released (1.0.52-0ubuntu1.6)
trusty/esm_cups-filters: DNE (trusty was released [1.0.52-0ubuntu1.6])
vivid_cups-filters: released (1.0.67-0ubuntu2.5)
vivid/stable-phone-overlay_cups-filters: DNE
vivid/ubuntu-core_cups-filters: DNE
wily_cups-filters: released (1.0.76-1ubuntu0.1)
xenial_cups-filters: not-affected (1.2.0-1)
esm-infra/xenial_cups-filters: not-affected (1.2.0-1)
devel_cups-filters: not-affected (1.2.0-1)