Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:3863-1

Опубликовано: 01 нояб. 2024
Источник: suse-cvrf

Описание

Security update for cups-filters

This update for cups-filters fixes the following issues:

  • CVE-2024-47850: cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294)
  • CVE-2024-47076: Fixed lack of input sanitization in cfGetPrinterAttributes5 (bsc#1230937).

Список пакетов

SUSE Enterprise Storage 7.1
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise Module for Basesystem 15 SP5
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise Module for Basesystem 15 SP6
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise Server 15 SP2-LTSS
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise Server 15 SP3-LTSS
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise Server 15 SP4-LTSS
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise Server for SAP Applications 15 SP4
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Manager Proxy 4.3
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
SUSE Manager Server 4.3
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
openSUSE Leap 15.5
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2
openSUSE Leap 15.6
cups-filters-1.25.0-150200.3.19.2
cups-filters-devel-1.25.0-150200.3.19.2

Ссылки

Описание

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.

Затронутые продукты
SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2
SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2
Ссылки

Описание

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)

Затронутые продукты
SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2
SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2
Ссылки
Уязвимость SUSE-SU-2024:3863-1