[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1288-1] cups security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : cups
Version        : 1.5.3-5+deb7u7
CVE ID         : CVE-2017-18190

It was discovered that there was an issue in the CUPS printer
framework where remote attackers could execute arbitrary commands by
sending POST requests to the CUPS daemon in conjunction with DNS
rebinding.
    
This was caused by a whitelisted "localhost.localdomain" entry.

For Debian 7 "Wheezy", this issue has been fixed in cups version
1.5.3-5+deb7u7.

We recommend that you upgrade your cups packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqO0sEACgkQHpU+J9Qx
HljWZw//S+y2KQeB9XTnAzRmjCT+dednm7l0FMMtQcg4vQeblf2jcopfvQd+kE5u
qTuU3CfI3YF63mJV+VrBijd+eGkX/VwEUMqZG8uLB36FU6ndNk8XpZp74655/mip
YHy5uXJl4NTRzG19PJOEXHYCrA75yFnKCzYlO8KdfkQSlwKU4RNsvM7yeqoOYpDe
PS+oRTLJjaElUCwC/ufBdvE56hqKmdVPYRC3iQ8FcEmYQ2ZlJtMKD2RcutSXXDls
cgTEvlpwCUA7aQvuSgOqOtDwyorHSoBT9fNvYuK6pRGLOaLakJrrlU4EiBP7dI9b
1FMPGDYfuEaVhNju5tlquFYcv8O36NMXIwUv+VXgoRRdmNywUnQwZOj4TvYRvNbv
yEwxaEjwTT6VLKPRgM3MbFi4+hklhIcMySl5L47G0YHk9x5oEgbvMJzxBcrYeZ8z
rnIulFnSB10V0fX+iA0wX5Kld1WxHOCdXEePNpLsYaoXIuLdAxnaEyLjH9yMI+mE
zngs8SxaS6SgKtksHDwe7KwLadfB0TGOBV9G1Bw+JYO6Xkiz3/y928OEZHMQ3isD
lZozN+riRVJ79StgV+VOMj03OTkLYnXRMM9CvrkuYXV7qNO8oSZeTuuhh+eejtdO
/yxTu0XtcsI7MRWk8CGktPgtiF8DvsmMemzKSNtWwniQsg4TPp0=
=UnM2
-----END PGP SIGNATURE-----


Reply to: