ELSA-2025-0083

Опубликовано: 09 янв. 2025

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2025-0083: cups security update (LOW)

[1:2.2.6-62]

RHEL-60338 CVE-2024-47175 cups: remote command injection via attacker controlled data in PPD file

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

cups

2.2.6-62.el8_10

cups-client

2.2.6-62.el8_10

cups-devel

2.2.6-62.el8_10

cups-filesystem

2.2.6-62.el8_10

cups-ipptool

2.2.6-62.el8_10

cups-lpd

2.2.6-62.el8_10

cups-libs

2.2.6-62.el8_10

Oracle Linux x86_64

cups-libs

2.2.6-62.el8_10

cups

2.2.6-62.el8_10

cups-client

2.2.6-62.el8_10

cups-devel

2.2.6-62.el8_10

cups-filesystem

2.2.6-62.el8_10

cups-ipptool

2.2.6-62.el8_10

cups-lpd

2.2.6-62.el8_10

Связанные CVE

CVE-2024-47175

Ссылки на источники

Связанные уязвимости

CVE-2024-47175

CVSS3: 8.6

ubuntu

9 месяцев назад

CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.