The following issue was fixed in the 1.2.0 release of cups-filters: foomatic-rip: SECURITY FIX: Also consider the back tick ('`') as an illegal shell escape character. Thanks to Michal Kowalczyk from the Google Security Team for the hint (CVE-2015-8327). External References: https://lists.debian.org/debian-printing/2015/11/msg00020.html
Fixed in Fedora in: cups-filters-1.2.0-1.fc24 cups-filters-1.2.0-1.fc23 cups-filters-1.2.0-1.fc22
Upstream fix apparently is: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7406 Plus a related change to add CVE to the NEWS file: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7409 foomatic filters were only added to cups-filters in version 1.0.42: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7120#NEWS So the affected code is not in cups-filters or cups packages as shipped in Red Hat Enterprise Linux 7 and earlier. However, foomatic-filters are also packaged separately as foomatic package.
foomatic in Fedora does not include foomatic-rip filter and require cups-filters: http://pkgs.fedoraproject.org/cgit/foomatic.git/commit/?id=7ceea0f262bd8b96c6f173a1e193b902804012ad
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0491 https://rhn.redhat.com/errata/RHSA-2016-0491.html