VDB

GCVE-110-MAGEIA-2018-147

GCVE-110-MAGEIA-2018-147
Advisory Published
Vulnetix · Advisory published February 26, 2018
Updated cups packages fix security vulnerability: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack (CVE-2017-18190).

Affected Products

VendorProductVersionsPlatforms
Mageiasimgear0 (affected), 2018.2.2-5.mga6 (unaffected)
Mageiaflightgear-data0 (affected), 2018.2.2-1.mga6 (unaffected)
Mageiaflightgear0 (affected), 2018.2.2-5.mga6 (unaffected)
Mageiacups0 (affected), 2.0.4-1.4.mga5 (unaffected), 0 (affected), 2.0.4-1.4.mga5 (unaffected)

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›