Debian Security Advisory
DLA-1288-1 cups -- LTS security update
- Date Reported:
- 22 Feb 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-18190.
- More information:
It was discovered that there was an issue in the CUPS printer framework where remote attackers could execute arbitrary commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding.
This was caused by a whitelisted
For Debian 7
Wheezy, this issue has been fixed in cups version 1.5.3-5+deb7u7.
We recommend that you upgrade your cups packages.