Advisories » MGASA-2018-0147

Updated cups packages fix security vulnerability

Publication date: 26 Feb 2018
Modification date: 26 Feb 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-18190

Description

Updated cups packages fix security vulnerability:

Jann Horn discovered that CUPS permitted HTTP requests with the Host header set
to "localhost.localdomain" from the loopback interface. If a user were tricked
in to opening a specially crafted website in their web browser, an attacker
could potentially exploit this to obtain sensitive information or control
printers, via a DNS rebinding attack (CVE-2017-18190).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22649
• https://usn.ubuntu.com/usn/usn-3577-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18190

SRPMS

5/core

• cups-2.0.4-1.4.mga5