Oval Definition:oval:com.ubuntu.artful:def:201718190000
Revision Date:2018-02-16Version:1
Title:CVE-2017-18190 on Ubuntu 17.10 (artful) - medium.
Description:A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
Family:unixClass:vulnerability
Status:Reference(s):CVE-2017-18190
Platform(s):Ubuntu 17.10
Product(s):
Definition Synopsis
  • Ubuntu 17.10 (artful) is installed.
  • AND NOT While related to the CVE in some way, the 'cups' package in artful is not affected (note: '2.2.4-7ubuntu2').
  • BACK