foomatic-filters: User-assisted execution of arbitrary code

foomatic-filters: User-assisted execution of arbitrary code A vulnerability in foomatic-filters could result in the execution of arbitrary code. foomatic-filters 2012-03-06 2012-03-06 379559 remote 4.0.9 4.0.9

The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic.

The foomatic-rip filter improperly handles command-line arguments, including those issued by FoomaticRIPCommandLine fields in PPD files.

A remote attacker could entice a user to open a specially crafted PPD file, possibly resulting in execution of arbitrary code with the privileges of the system user "lp".

There is no known workaround at this time.

All foomatic-filters users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=net-print/foomatic-filters-4.0.9"

CVE-2011-2697 CVE-2011-2964 ackle ackle