CVE-2015-8327

Publication date 2 December 2015

Last updated 24 July 2024

Ubuntu priority

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cups-filters	16.04 LTS xenial	Not affected
	15.10 wily	Fixed 1.0.76-1ubuntu0.1
	15.04 vivid	Fixed 1.0.67-0ubuntu2.5
	14.04 LTS trusty	Fixed 1.0.52-0ubuntu1.6
	12.04 LTS precise	Not affected
foomatic-filters	16.04 LTS xenial	Not affected
	15.10 wily	Ignored end of life
	15.04 vivid	Ignored end of life
	14.04 LTS trusty	Fixed 4.0.17-1+deb7u1ubuntu0.14.04.1
	12.04 LTS precise	Fixed 4.0.16-0ubuntu0.3

Notes

tyhicks

Per Debian, introduced in cups-filters 1.0.42 and foomatic-filters 4.0-20090301

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cups-filters	Upstream: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406

References

Related Ubuntu Security Notices (USN)

USN-2831-2
foomatic-filters vulnerability
7 December 2015

USN-2831-1
cups-filters vulnerability
7 December 2015

Other references

https://www.cve.org/CVERecord?id=CVE-2015-8327