CVE-2017-18190: Removed localhost.localdomain from list
of trustworthy hosts in scheduler/client.c to avoid arbitrary IPP
command execution in conjunction with DNS rebinding.
(bsc#1081557)
Affected Packages
cups
SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3
Fixed in:
1.7.5-20.3.1
cups-client
SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3
Fixed in:
1.7.5-20.3.1
cups-libs
SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3
Fixed in:
1.7.5-20.3.1
cups-libs-32bit
SUSE Linux Enterprise Desktop 12 SP2SUSE Linux Enterprise Desktop 12 SP3SUSE Linux Enterprise Server 12 SP1-LTSSSUSE Linux Enterprise Server 12 SP2SUSE Linux Enterprise Server 12 SP3
Fixed in:
1.7.5-20.3.1
cups-ddk
SUSE Linux Enterprise Software Development Kit 12 SP2SUSE Linux Enterprise Software Development Kit 12 SP3
Fixed in:
1.7.5-20.3.1
cups-devel
SUSE Linux Enterprise Software Development Kit 12 SP2SUSE Linux Enterprise Software Development Kit 12 SP3