Debian Security Advisory
DSA-2380-1 foomatic-filters -- shell command injection
- Date Reported:
- 04 Jan 2012
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 635549.
In Mitre's CVE dictionary: CVE-2011-2697, CVE-2011-2964.
- More information:
It was discovered that the foomatic-filters, a support package for setting up printers, allowed authenticated users to submit crafted print jobs which would execute shell commands on the print servers.
For the oldstable distribution (lenny), this problem has been fixed in version 3.0.2-20080211-3.2+lenny1.
For the stable distribution (squeeze), this problem has been fixed in version 4.0.5-6+squeeze1.
For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 4.0.9-1.
We recommend that you upgrade your foomatic-filters packages.