-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : cups Version : 1.5.3-5+deb7u7 CVE ID : CVE-2017-18190
It was discovered that there was an issue in the CUPS printer framework where remote attackers could execute arbitrary commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. This was caused by a whitelisted "localhost.localdomain" entry. For Debian 7 "Wheezy", this issue has been fixed in cups version 1.5.3-5+deb7u7. We recommend that you upgrade your cups packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqO0sEACgkQHpU+J9Qx HljWZw//S+y2KQeB9XTnAzRmjCT+dednm7l0FMMtQcg4vQeblf2jcopfvQd+kE5u qTuU3CfI3YF63mJV+VrBijd+eGkX/VwEUMqZG8uLB36FU6ndNk8XpZp74655/mip YHy5uXJl4NTRzG19PJOEXHYCrA75yFnKCzYlO8KdfkQSlwKU4RNsvM7yeqoOYpDe PS+oRTLJjaElUCwC/ufBdvE56hqKmdVPYRC3iQ8FcEmYQ2ZlJtMKD2RcutSXXDls cgTEvlpwCUA7aQvuSgOqOtDwyorHSoBT9fNvYuK6pRGLOaLakJrrlU4EiBP7dI9b 1FMPGDYfuEaVhNju5tlquFYcv8O36NMXIwUv+VXgoRRdmNywUnQwZOj4TvYRvNbv yEwxaEjwTT6VLKPRgM3MbFi4+hklhIcMySl5L47G0YHk9x5oEgbvMJzxBcrYeZ8z rnIulFnSB10V0fX+iA0wX5Kld1WxHOCdXEePNpLsYaoXIuLdAxnaEyLjH9yMI+mE zngs8SxaS6SgKtksHDwe7KwLadfB0TGOBV9G1Bw+JYO6Xkiz3/y928OEZHMQ3isD lZozN+riRVJ79StgV+VOMj03OTkLYnXRMM9CvrkuYXV7qNO8oSZeTuuhh+eejtdO /yxTu0XtcsI7MRWk8CGktPgtiF8DvsmMemzKSNtWwniQsg4TPp0= =UnM2 -----END PGP SIGNATURE-----