CVE-2014-8166

Priority
Low
Description
The browsing feature in the server in CUPS does not filter ANSI escape
sequences from shared printer names, which might allow remote attackers to
execute arbitrary code via a crafted printer name.
References
Notes
 sbeattie> printer names with ANSI escape sequences were allowed, can
 sbeattie> cause issues when doing lpstat -a in a terminal
 sbeattie> requires malicious adding of printers
Package
Source: cups (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Patches:
Redhat:https://bugzilla.redhat.com/attachment.cgi?id=916761
More Information

Updated: 2018-01-24 17:14:21 UTC (commit 14055)