Описание
ELSA-2024-7346: cups-filters security update (IMPORTANT)
[1.28.7-17.0.1]
- header/footer not being printed in banner page. [Orabug: 28265099] (isaac.chen@oracle.com)
- Fixes [Orabug: 29163824] source indentation not following convention (isaac.chen@oracle.com)
[1.28.7-17]
- fix rpmverify error
[1.28.7-16]
- CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file
- CVE-2024-47076 cups-filters: cfGetPrinterAttributes API does not perform sanitization on returned IPP attributes
- CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
cups-filters-devel
1.28.7-17.0.1.el9_4
cups-filters
1.28.7-17.0.1.el9_4
cups-filters-libs
1.28.7-17.0.1.el9_4
Oracle Linux x86_64
cups-filters
1.28.7-17.0.1.el9_4
cups-filters-libs
1.28.7-17.0.1.el9_4
cups-filters-devel
1.28.7-17.0.1.el9_4
Связанные CVE
Связанные уязвимости
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.