Download
| Alert*
oval:org.secpod.oval:def:1800737
A localhost.localdomain whitelist entry in valid_host in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server ... oval:org.secpod.oval:def:89002348 This update for cups fixes the following issues: - CVE-2017-18190: Removed localhost.localdomain from list of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP command execution in conjunction with DNS rebinding oval:org.secpod.oval:def:51998 cups: Common UNIX Printing System CUPS could be made to provide access to printers over the network. oval:org.secpod.oval:def:1800467 A localhost.localdomain whitelist entry in valid_host in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server ... oval:org.secpod.oval:def:703989 cups: Common UNIX Printing System CUPS could be made to provide access to printers over the network. oval:org.secpod.oval:def:504333 The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix: * cups: DNS rebinding attacks via incorrect whitelist * cups: stack-buffer-overflow in libcups"s asn1_get_type function * cups: stack-buffer-overflow in libcups"s asn1_ ... oval:org.secpod.oval:def:1700417 A localhost.localdomain whitelist entry in valid_host in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server ... oval:org.secpod.oval:def:205662 The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix: * cups: DNS rebinding attacks via incorrect whitelist * cups: stack-buffer-overflow in libcups"s asn1_get_type function * cups: stack-buffer-overflow in libcups"s asn1_ ... oval:org.secpod.oval:def:1504012 [1:1.6.3-51] - 1823758 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist [rhel-7] [1:1.6.3-50] - 1813413 - [RHEL 7.7] segfault in cupsdSaveJob caused by no space in /var [1:1.6.3-49] - more covscan issues raised from the fix 1672212 [1:1.6.3-48] - fixing covscan issue from 1672212 ... |