SB2015030201 - Fedora 22 update for cups-filters

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015030201

SB2015030201 - Fedora 22 update for cups-filters

Published: March 2, 2015 Updated: April 24, 2025

Security Bulletin ID SB2015030201
Severity
High
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Command Injection (CVE-ID: CVE-2015-2265)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.


2) OS Command Injection (CVE-ID: CVE-2014-2707)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."


Remediation

Install update from vendor's website.

References