Packages
- cups - Common UNIX Printing System(tm)
Details
Jann Horn discovered that CUPS permitted HTTP requests with the Host
header set to "localhost.localdomain" from the loopback interface. If a
user were tricked in to opening a specially crafted website in their web
browser, an attacker could potentially exploit this to obtain sensitive
information or control printers, via a DNS rebinding attack.
(CVE-2017-18190)
Jann Horn discovered that CUPS permitted HTTP requests with the Host
header set to "localhost.localdomain" from the loopback interface. If a
user were tricked in to opening a specially crafted website in their web
browser, an attacker could potentially exploit this to obtain sensitive
information or control printers, via a DNS rebinding attack.
(CVE-2017-18190)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 16.04 xenial | cups – 2.1.3-4ubuntu0.4 | ||
| 14.04 trusty | cups – 1.7.2-0ubuntu1.9 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.