Joined: 12 May 2004
|Posted: Tue Mar 06, 2012 7:26 am Post subject: [ GLSA 201203-07 ] foomatic-filters: User-assisted execution
|Gentoo Linux Security Advisory
Title: foomatic-filters: User-assisted execution of arbitrary code (GLSA 201203-07)
Date: March 06, 2012
A vulnerability in foomatic-filters could result in the execution
of arbitrary code.
The foomatic-filters package contains wrapper scripts which are designed
to be used with Foomatic.
Vulnerable: < 4.0.9
Unaffected: >= 4.0.9
Architectures: All supported architectures
The foomatic-rip filter improperly handles command-line arguments,
including those issued by FoomaticRIPCommandLine fields in PPD files.
A remote attacker could entice a user to open a specially crafted PPD
file, possibly resulting in execution of arbitrary code with the
privileges of the system user "lp".
There is no known workaround at this time.
All foomatic-filters users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose