openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

foomatic-filters: security update

The foomatic print filters of the hplip package contained a
remote code execution vulnerability. Remote users, if
allowed to access a print server such as CUPS, could
execute arbitrary commands as lp system user.
CVE-2011-2964: CVSS v2 Base Score: 6.8 (moderate)
(AV:N/AC:M/Au:N/C:P/I:P/A:P): Code Injection (CWE-94)

Submitted by Adrian Schröter (adrianSuSE)
Version 4979

Fixed bugs

bnc#698451

VUL-0: CVE-2011-2697: foomatic-filters and hplip: arbitrary remote code execution as user lp via foomatic-rip and foomatic-rip-hplip

CVE#CVE-2011-2697

foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.

CVE#CVE-2011-2964

foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 allows remote attackers to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file, a different vulnerability than CVE-2011-2697.

Places

Fixed bugs

Selected Binaries

Places