Security update for cups
This update for cups fixes the following issues:
- CVE-2017-18190: Removed localhost.localdomain from list
of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP
command execution in conjunction with DNS rebinding.
(bsc#1081557)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Karol Babioch (kbabioch)
Fixed bugs
bnc#1081557
VUL-0: CVE-2017-18190: cups: A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c inCUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands bysending POST requests to the CUPS daemon in conjunc
