[월:] 2018년 02월

USN-3577-1: CUPS vulnerability Ubuntu Security Notice USN-3577-1 20th February, 2018 cups vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary CUPS could be made to provide access to printers over the network. Software description cups – Common UNIX Printing System(tm) Details Jann Horn discovered that CUPS permitted HTTP requests with the Hostheader set to "localhost.localdomain" from the loopback interface. If auser were tricked in to opening a specially crafted website in their webbrowser, an attacker could potentially exploit this to obtain sensitiveinformation or control printers, via a DNS rebinding attack.(CVE-2017-18190) Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.4 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.9 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system [ more… ]