285 matches found
CVE-2015-8560
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...
CVE-2015-8560
CVE-2015-8560 describes an incomplete blacklist vulnerability in foomatic-rip (util.c) used by cups-filters 1.0.42 and in foomatic-filters (Foomatic 4.0.x). The issue allows remote attackers to execute arbitrary commands by injecting a ; (semicolon) in a print job. Root cause is failure to fully ...
CVE-2015-8560
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; semicolon character in a print job, a different vulnerability than CVE-2015-8327...
foomatic-rip Arbitrary Command Execution Vulnerability
Foomatic is a database-driven printing system developed by the Linux Foundation's OpenPrinting Working Group, which integrates a general-purpose back-end printing system for Unix with an open-source printer driver. foomatic-rip a.k.a. foomatic-filters is an internal component that helps the...
foomatic-rip memory corruption vulnerability
Foomatic is a database-driven printing system developed by the Linux Foundation's OpenPrinting Working Group, which integrates a general-purpose back-end printing system for Unix with an open-source printer driver. foomatic-rip a.k.a. foomatic-filters is an internal component that helps the...
CentOS Update for foomatic CESA-2016:0491 centos6
Check the version of foomatic SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882436";...
Scientific Linux Security Update : foomatic on SL6.x i386/x86_64 (20160323)
It was discovered that the unhtmlify function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code. CVE-2010-5325 It was...
OracleVM 3.3 / 3.4 : foomatic (OVMSA-2016-0040)
The remote OracleVM system is missing necessary patches to address critical security updates : - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, CVE-2015-8560 - Prevent foomatic-rip overrun bug 1214534. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CentOS 6 : foomatic (CESA-2016:0491)
An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...
foomatic security update
CentOS Errata and Security Advisory CESA-2016:0491 An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
RedHat Update for foomatic RHSA-2016:0491-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle: Security Advisory (ELSA-2016-0491)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 6 : foomatic (ELSA-2016-0491)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2016-0491 advisory. - CVE-2015-8327, CVE-2015-8560 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...
cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...
cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands...
foomatic: potential remote arbitrary code execution
It was discovered that the unhtmlify function of foomatic-rip did not correctly calculate buffer sizes, possibly leading to a heap-based memory corruption. A malicious attacker could exploit this flaw to cause foomatic-rip to crash or, possibly, execute arbitrary code...
Moderate: Red Hat Security Advisory: foomatic security update
An updated foomatic package that fixes three security issues is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are availabl...
foomatic security update
4.0.4-5 - Also consider back tick and semicolon as illegal shell escape characters. - CVE-2015-8327, CVE-2015-8560 4.0.4-4 - Prevent foomatic-rip overrun bug 1214534...
Debian DLA-399-1 : foomatic-filters security update
cups-filters contains multiple buffer overflows caused by lack of size checks when copying from environment variables to local buffers strcpy as well on string concatenation operations strcat. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...
[SECURITY] [DLA 399-1] foomatic-filters security update
Package : foomatic-filters Version : 4.0.5-6+squeeze2+deb6u13 CVE ID : not yet assigned cups-filters contains multiple buffer overflows caused by lack of size checks when copying from environment variables to local buffers strcpy as well on string concatenation operations strcat...