Advisories ยป MGASA-2018-0147

Updated cups packages fix security vulnerability

Publication date: 26 Feb 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-18190


Updated cups packages fix security vulnerability:

Jann Horn discovered that CUPS permitted HTTP requests with the Host header set
to "localhost.localdomain" from the loopback interface. If a user were tricked
in to opening a specially crafted website in their web browser, an attacker
could potentially exploit this to obtain sensitive information or control
printers, via a DNS rebinding attack (CVE-2017-18190).