CVE-2014-2707

Publication date 17 April 2014

Last updated 24 July 2024

cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cups-filters	14.04 LTS trusty	Fixed 1.0.52-0ubuntu1.1
	13.10 saucy	Not affected
	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Notes

jdstrand

1.0.51 was an incomplete fix.

mdeslaur

CVE number pending for incomplete fix.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cups-filters	Upstream: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2210-1
cups-filters vulnerability
8 May 2014

Other references

http://www.openwall.com/lists/oss-security/2014/04/01/4
http://www.openwall.com/lists/oss-security/2014/04/25/7
https://www.cve.org/CVERecord?id=CVE-2014-2707