CVE-2014-8166

Priority
Description
The browsing feature in the server in CUPS does not filter ANSI escape
sequences from shared printer names, which might allow remote attackers to
execute arbitrary code via a crafted printer name.
Notes
sbeattieprinter names with ANSI escape sequences were allowed, can
cause issues when doing lpstat -a in a terminal
requires malicious adding of printers
mdeslaurthis code was removed in cups 1.6
Package
Source: cups (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (code not present)
Patches:
Redhat:https://bugzilla.redhat.com/attachment.cgi?id=916761
More Information

Updated: 2020-01-29 19:50:32 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)