Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Foomatic (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Foomatic (Aktualisierung)
ID: USN-2831-2
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS
Datum: Mo, 7. Dezember 2015, 16:35
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8327
Applikationen: Foomatic
Update von: Ausführen beliebiger Kommandos in cups-filters

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8690790193168931655==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="DNAPLrDcgvXLuI7QNL42S8soOU10SIkmE"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--DNAPLrDcgvXLuI7QNL42S8soOU10SIkmE
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-2831-2
December 07, 2015

foomatic-filters vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

foomatic-filters could be made to run programs as the lp user if it
processed a specially crafted print job.

Software Description:
- foomatic-filters: OpenPrinting printer support - filters

Details:

Michal Kowalczyk discovered that the foomatic-filters foomatic-rip filter
incorrectly stripped shell escape characters. A remote attacker could
possibly use this issue to execute arbitrary code as the lp user.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
foomatic-filters 4.0.16-0ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2831-2
http://www.ubuntu.com/usn/usn-2831-1
CVE-2015-8327

Package Information:
https://launchpad.net/ubuntu/+source/foomatic-filters/4.0.16-0ubuntu0.3



--DNAPLrDcgvXLuI7QNL42S8soOU10SIkmE
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJWZZS3AAoJEGVp2FWnRL6Tt6QP/0bYyLqDSTo7BrJROxTGzltz
mFjfsms77fLU4NB1vNak3WvzBFu7UsJlvXRuXpL0JoXkirs+IcY35ByFX3s0Rm0F
qGtqkN6sWZujFvu3rrnBrqOrQ/IXDfmvWaaN1OxLw+v8EChJJUCTTJ6S0grIMfvN
1ZMfN5xg3RDOtUiplDDdmEKcSICH8KEToIshZzh7jUkcgYuvFIbUvJrxxeLzZReG
KN48JJpk1OiADsn2LUE8YsuVZzGk4CzwCtHRXBEKbwsNqodduPQQB3a6rkYDM9xq
9ggNu4HD4jIMu3GXOm9b0FvqX1Eh1mnUwKYHDNhLaD2cXd8QNe0JRlmV8OQQ4aHu
IigsGa6n6gTcOACXyKHd6Js3WPDOYaC1EeSxUlKyKYfk7BZA+S7CE4/4E9Mgv8Md
MjAtzVG+eKL4/+QdhgrHxo6aFaOKIRB2TinZYOgfXbJDjgMseMR4Gwps8zjNCGQ4
XIA2HL5x3oFGHcaFY/WYQLflt8nH3qptpol6TnDrDByhn7MS2vIYj3Ke22BG7Jq7
fKAH7TnBDKYVnJ2C/ppG7lf/gWuQB8fU+J89EP8tG2la/FeR4cebzqRrmKE9MMxz
WTAd1mPJumTlgZUA0KSHCZZ3D0bhZTRF9j+u/OFYqtY8TSb47hm8HRw5M73MEXOF
Xf75KkSqoxwbozzVqV05
=CVj3
-----END PGP SIGNATURE-----

--DNAPLrDcgvXLuI7QNL42S8soOU10SIkmE--


--===============8690790193168931655==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8690790193168931655==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung