CVE-2015-2265
Published: 12 March 2015
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.
Priority
Status
Package | Release | Status |
---|---|---|
cups-filters Launchpad, Ubuntu, Debian |
upstream |
Released
(1.0.61-5)
|
lucid |
Does not exist
|
|
precise |
Not vulnerable
(1.0.18-0ubuntu0.2)
|
|
trusty |
Does not exist
(trusty was released [1.0.52-0ubuntu1.4])
|
|
utopic |
Released
(1.0.61-0ubuntu2.1)
|
|
Patches: upstream: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333 |