Ubuntu has issued an advisory on February 20: https://usn.ubuntu.com/usn/usn-3577-1/ The issue was fixed upstream in 2.2.2, so Mageia 6 is not affected. Patched package uploaded for Mageia 5. Advisory: ======================== Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack (CVE-2017-18190). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18190 https://usn.ubuntu.com/usn/usn-3577-1/ ======================== Updated packages in core/updates_testing: ======================== cups-2.0.4-1.4.mga5 cups-common-2.0.4-1.4.mga5 libcups2-devel-2.0.4-1.4.mga5 libcups2-2.0.4-1.4.mga5 cups-filesystem-2.0.4-1.4.mga5 from cups-2.0.4-1.4.mga5.src.rpm
On real hardware, x86_64 server kernel. Packages installed cleanly. Loaded an image file into The GIMP, and printed it on an Officejet 6110 printer. Looks good for 64-bit to me.
Whiteboard: (none) => MGA5-64-OKCC: (none) => andrewsfarm
Validating. Advisory uploaded.
Keywords: (none) => advisory, has_procedure, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0147.html
Status: NEW => RESOLVEDResolution: (none) => FIXED