Описание
Important: cups-filters security update
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
-
cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
-
cups-filters: libcupsfilters:
cfGetPrinterAttributesAPI does not perform sanitization on returned IPP attributes (CVE-2024-47076) -
cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 9
Связанные CVE
Исправления
- Red Hat - 2314252
- Red Hat - 2314253
- Red Hat - 2314256
Связанные уязвимости
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.