Following security fix was released in v1.4.0: - foomatic-rip: SECURITY FIX: Also consider the semicolon (';') as an illegal shell escape character. Thanks to Adam Chester (adam dot chester at pentest dot co dot uk) for the hint. Upstream patch: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419 CVE request: http://seclists.org/oss-sec/2015/q4/479
Created foomatic tracking bugs for this issue: Affects: fedora-all [bug 1291229]
Created cups-filters tracking bugs for this issue: Affects: fedora-all [bug 1291228]
In terms of affected products and components (with respect to foomatic-filters packaged in cups-fitlers or foomatic packages), this issue is similar to CVE-2015-8327, see bug 1287523 comment 2.
cups-filters-1.4.0-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
cups-filters-1.4.0-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0491 https://rhn.redhat.com/errata/RHSA-2016-0491.html