Bugzilla – Bug 921753
VUL-0: CVE-2015-2265: cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707)
Last modified: 2017-07-05 11:45:18 UTC
spotted by redhat rh#1199130 cups-browsed: SECURITY FIX: Fixed a bug in the remove_bad_chars() failing to reliably filter out illegal characters if there are two or more subsequent illegal characters, allowing execution of arbitrary commands with the rights of the "lp" user, using forged print service announcements on DNS-SD servers (Bug #1265). http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7333 https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 https://bugzilla.redhat.com/show_bug.cgi?id=1199130
openSUSE Factory has already the fixed cups-filters version 1.0.66. From cups-filters version 1.0.66 NEWS file: -------------------------------------------------------------------------- CHANGES IN V1.0.66 - cups-browsed: SECURITY FIX: Fixed a bug in the remove_bad_chars() failing to reliably filter out illegal characters if there are two or more subsequent illegal characters, allowing execution of arbitrary commands with the rights of the "lp" user, using forged print service announcements on DNS-SD servers (Bug #1265). -------------------------------------------------------------------------- where "Bug #1265" means https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
SUSE-SU-2015:0805-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 915545,921753 CVE References: CVE-2015-2265 Sources used: SUSE Linux Enterprise Server 12 (src): cups-filters-1.0.58-5.1 SUSE Linux Enterprise Desktop 12 (src): cups-filters-1.0.58-5.1
(In reply to Johannes Meixner from comment #4) > openSUSE Factory has already the fixed cups-filters version 1.0.66. > > From cups-filters version 1.0.66 NEWS file: > -------------------------------------------------------------------------- > CHANGES IN V1.0.66 > - cups-browsed: SECURITY FIX: Fixed a bug in the remove_bad_chars() > failing to reliably filter out illegal characters if there are two > or more subsequent illegal characters, allowing execution of > arbitrary commands with the rights of the "lp" user, using forged > print service announcements on DNS-SD servers (Bug #1265). > -------------------------------------------------------------------------- > where "Bug #1265" means > https://bugs.linuxfoundation.org/show_bug.cgi?id=1265 openSUSE 13.2 has 1.0.58, please fix (with others that may be outstanding).
Fixed and submitted for openSUSE:13.2:Update ---------------------------------------------------------------------------- $ osc maintenancerequest -m 'fixed CVE-2015-2265 (boo#921753) and CVE-2015-3258 (bsc#936281) plus CVE-2015-3279 (bsc#937018)' home:jsmeix:branches:openSUSE:13.2:Update cups-filters.openSUSE_13.2_Update openSUSE:13.2:Update Using target project 'openSUSE:Maintenance' 315210 ----------------------------------------------------------------------------
For further processig for the maintenance update for openSUSE:13.2 I re-asssign it to our security team.
This is an autogenerated message for OBS integration: This bug (921753) was mentioned in https://build.opensuse.org/request/show/315210 13.2 / cups-filters
Thanks, we'll handle the submissions.
openSUSE-SU-2015:1244-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 921753,936281,937018 CVE References: CVE-2015-2265,CVE-2015-3258,CVE-2015-3279 Sources used: openSUSE 13.2 (src): cups-filters-1.0.58-2.7.1
i think this is resolved