Bug 1287523 (CVE-2015-8327)
| Summary: | CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | jpopelka, twaugh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | cups-filters 1.2.0 | Doc Type: | Bug Fix |
| Doc Text: |
It was discovered that foomatic-rip failed to remove all shell special characters from inputs used to construct command lines for external programs run by the filter. An attacker could possibly use this flaw to execute arbitrary commands.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 02:46:01 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1301076, 1301077 | ||
| Bug Blocks: | 1287524 | ||
Fixed in Fedora in: cups-filters-1.2.0-1.fc24 cups-filters-1.2.0-1.fc23 cups-filters-1.2.0-1.fc22 Upstream fix apparently is: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406 Plus a related change to add CVE to the NEWS file: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7409 foomatic filters were only added to cups-filters in version 1.0.42: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7120#NEWS So the affected code is not in cups-filters or cups packages as shipped in Red Hat Enterprise Linux 7 and earlier. However, foomatic-filters are also packaged separately as foomatic package. foomatic in Fedora does not include foomatic-rip filter and require cups-filters: http://pkgs.fedoraproject.org/cgit/foomatic.git/commit/?id=7ceea0f262bd8b96c6f173a1e193b902804012ad This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0491 https://rhn.redhat.com/errata/RHSA-2016-0491.html |
The following issue was fixed in the 1.2.0 release of cups-filters: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as an illegal shell escape character. Thanks to Michal Kowalczyk from the Google Security Team for the hint (CVE-2015-8327). External References: https://lists.debian.org/debian-printing/2015/11/msg00020.html