RLSA-2024:7346

See a problem?
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:7346.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2024:7346
Related
Published
2024-09-30T14:31:39.795853Z
Modified
2024-09-30T14:33:15.361126Z
Summary
Important: cups-filters security update
Details

The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.

Security Fix(es):

  • cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()

  • cups-filters: libcupsfilters: cfGetPrinterAttributes API does not perform sanitization on returned IPP attributes (CVE-2024-47076)

  • cups: libppd: remote command injection via attacker controlled data in PPD file ()

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:9 / cups-filters

Package

Name
cups-filters
Purl
pkg:rpm/rocky-linux/cups-filters?distro=rocky-linux-9&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.28.7-17.el9_4