Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#45279 - [cups] remote code execution (CVE-2015-1158) in cups < 2.0.3
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Tuesday, 09 June 2015, 12:27 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 09 June 2015, 17:41 GMT
Opened by Remi Gacogne (rgacogne) - Tuesday, 09 June 2015, 12:27 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 09 June 2015, 17:41 GMT
|
DetailsHello,
A security issue [1] (CVE-2015-1158) has been found in cups < 2.0.3, allowing a remote attacker (with the possibility to send print request) to execute arbitrary code. As this is fixed in cups 2.0.3, I think we should upgrade as soon as possible. Note that the new version also fixes a XSS security issue (CVE-2015-1159) as well as a denial of service [2]. Thanks! [1]: http://www.cups.org/str.php?L4609 [2]: http://www.cups.org/str.php?L4602 |
This task depends upon