PublicDateAtUSN: 2015-12-15 Candidate: CVE-2015-8560 PublicDate: 2016-04-14 14:59:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8560 http://www.openwall.com/lists/oss-security/2015/12/13/2 https://ubuntu.com/security/notices/USN-2838-2 https://ubuntu.com/security/notices/USN-2838-1 Description: Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. Ubuntu-Description: Notes: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807993 (foomatic-filters) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807930 (cups-filters) Priority: medium Discovered-by: Adam Chester Assigned-to: mdeslaur CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L [7.3 HIGH] Patches_foomatic-filters: upstream_foomatic-filters: needs-triage precise_foomatic-filters: released (4.0.16-0ubuntu0.4) trusty_foomatic-filters: released (4.0.17-1+deb7u1ubuntu0.14.04.1) trusty/esm_foomatic-filters: DNE (trusty was released [4.0.17-1+deb7u1ubuntu0.14.04.1]) vivid_foomatic-filters: ignored (reached end-of-life) vivid/stable-phone-overlay_foomatic-filters: DNE vivid/ubuntu-core_foomatic-filters: DNE wily_foomatic-filters: ignored (reached end-of-life) xenial_foomatic-filters: not-affected (4.0.17-7) devel_foomatic-filters: not-affected (4.0.17-7) Patches_cups-filters: upstream: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419 upstream_cups-filters: released (1.4.0-1) precise_cups-filters: not-affected (code not present) trusty_cups-filters: released (1.0.52-0ubuntu1.7) trusty/esm_cups-filters: DNE (trusty was released [1.0.52-0ubuntu1.7]) vivid_cups-filters: released (1.0.67-0ubuntu2.6) vivid/stable-phone-overlay_cups-filters: DNE vivid/ubuntu-core_cups-filters: DNE wily_cups-filters: released (1.0.76-1ubuntu0.2) xenial_cups-filters: not-affected (1.4.0-1) esm-infra/xenial_cups-filters: not-affected (1.4.0-1) devel_cups-filters: not-affected (1.4.0-1)