Описание
Security update for cups-filters
This update for cups-filters fixes the following issues:
- CVE-2024-47850: Fixed cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294)
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
cups-filters-1.0.58-19.32.1
cups-filters-cups-browsed-1.0.58-19.32.1
cups-filters-foomatic-rip-1.0.58-19.32.1
cups-filters-ghostscript-1.0.58-19.32.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
cups-filters-1.0.58-19.32.1
cups-filters-cups-browsed-1.0.58-19.32.1
cups-filters-foomatic-rip-1.0.58-19.32.1
cups-filters-ghostscript-1.0.58-19.32.1
Ссылки
- Link for SUSE-SU-2024:3756-1
- E-Mail link for SUSE-SU-2024:3756-1
- SUSE Security Ratings
- SUSE Bug 1231294
- SUSE CVE CVE-2024-47850 page
Описание
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:cups-filters-1.0.58-19.32.1
SUSE Linux Enterprise Server 12 SP5-LTSS:cups-filters-cups-browsed-1.0.58-19.32.1
SUSE Linux Enterprise Server 12 SP5-LTSS:cups-filters-foomatic-rip-1.0.58-19.32.1
SUSE Linux Enterprise Server 12 SP5-LTSS:cups-filters-ghostscript-1.0.58-19.32.1
Ссылки
- CVE-2024-47850
- SUSE Bug 1231294