Main Vulnerability Database SB2015120313

SB2015120313 - Input validation error in cups-filters (Alpine package)

Published: December 3, 2015

Security Bulletin ID SB2015120313

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2015-8327)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. <a href="https://cwe.mitre.org/data/definitions/184.html">CWE-184: Incomplete Blacklist</a>

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=22d19ae2549dce27eef57e63f84720df9bcf1866
https://git.alpinelinux.org/aports/commit/?id=ef4b8bc0255cdb792949b437c0896dfc748769d5
https://git.alpinelinux.org/aports/commit/?id=f00233cea0ab2fa72c0fb478de0cefb4e88d23b4