Date: Mon, 18 Jul 2011 14:35:28 +0200 From: Jan Lieskovsky <jlieskov@...hat.com> To: Sebastian Krahmer <krahmer@...e.de> CC: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request: hplip/foomatic-filters On 07/13/2011 12:53 PM, Sebastian Krahmer wrote: > Hi > > The foomatic filters of the hplip package allow remote users > to execute arbitrary commands as the lp user. The flaw allows > hosts which are listed in the printing ACL or local users to > pass PPD file arguments to the foomatic filters. A PoC was > demonstrated using the CUPS server. > > More info and patches are here: > > https://bugzilla.novell.com/show_bug.cgi?id=698451 Please use CVE-2011-2697 for this. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team > > > Sebastian >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ