cups-2.2.6-54.el8

Errata ID: AXSA:2023-7196:13

Release date: 
Saturday, December 23, 2023 - 00:15
Subject: 
cups-2.2.6-54.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: heap buffer overflow may lead to DoS (CVE-2023-32324)
* cups: use-after-free in cupsdAcceptClient() in scheduler/client.c (CVE-2023-34241)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.9 Release Notes linked from the References section.

CVE-2023-32324
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel` to `DEBUG`. No known patches or workarounds exist at time of publication.
CVE-2023-34241
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that `httpClose` always, provided its argument is not null, frees the pointer at the end of the call, only for `cupsdLogClient` to pass the pointer to `httpGetHostname`. This issue happens in function `cupsdAcceptClient` if `LogLevel` is `warn` or higher and in two scenarios: there is a double-lookup for the IP Address (`HostNameLookups Double` is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.
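
The configuration preconditions named in the two CVE descriptions above can be checked against a host's `cupsd.conf`. The following is an added example, not part of the advisory or of CUPS: the function names and the sample file are constructed, and the defaults (`LogLevel warn`, `HostNameLookups Off`), last-occurrence-wins parsing, and treating `debug2` like `debug` are assumptions.

```python
import re

# Verbosity order of cupsd LogLevel values, least to most verbose.
LEVELS = ["none", "emerg", "alert", "crit", "error",
          "warn", "notice", "info", "debug", "debug2"]

# Assumed defaults when a directive is absent from cupsd.conf.
DEFAULTS = {"loglevel": "warn", "hostnamelookups": "off"}


def effective_settings(conf_text):
    """Return the last-set value of each directive of interest (lower-cased)."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        match = re.match(r"(\S+)\s+(\S+)", line)
        if match and match.group(1).lower() in settings:
            settings[match.group(1).lower()] = match.group(2).lower()
    return settings


def audit(conf_text):
    """Map each CVE in the advisory to whether its config precondition holds."""
    s = effective_settings(conf_text)
    # Assumption: an unrecognised level is treated as the default, warn.
    name = s["loglevel"] if s["loglevel"] in LEVELS else "warn"
    level = LEVELS.index(name)
    return {
        # Advisory: triggered when loglevel is DEBUG (debug2 included as an assumption).
        "CVE-2023-32324": level >= LEVELS.index("debug"),
        # Advisory: LogLevel warn or higher AND HostNameLookups Double.
        # The TCP-wrappers path is a build option and is not visible in the file.
        "CVE-2023-34241": level >= LEVELS.index("warn")
        and s["hostnamelookups"] == "double",
    }


# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# cupsd.conf (constructed sample)
LogLevel debug
Listen localhost:631
HostNameLookups Double
"""

if __name__ == "__main__":
    for cve, present in audit(SAMPLE).items():
        print(f"{cve}: precondition {'present' if present else 'absent'}")
```

A result of `False` for CVE-2023-34241 covers only the `HostNameLookups Double` scenario; whether the installed `cupsd` was built with TCP wrappers has to be established separately.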

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. cups-2.2.6-54.el8.src.rpm
    MD5: 1f366a44ed19d7a1d22ae86d93c02d7f
    SHA-256: 56b82a4349a837176112c64b87d093b03664f881b12c7b7594157cb00d13bfa5
    Size: 10.09 MB

Asianux Server 8 for x86_64
  1. cups-2.2.6-54.el8.x86_64.rpm
    MD5: 22abb898cc0a31c31d3cb489cbfe303e
    SHA-256: e093731e6baf239c0cd6ab0c9deae6a26d900b9222149e69c4f2e791d3442dea
    Size: 1.42 MB
  2. cups-client-2.2.6-54.el8.x86_64.rpm
    MD5: d06c42299b5695b2fe3257aa8d7d16c9
    SHA-256: e50afbc1cde15e3d4ebe1d269629ccfc5f6e6e4441fef536969165eb6f2c6f25
    Size: 170.72 kB
  3. cups-devel-2.2.6-54.el8.i686.rpm
    MD5: 344b4a3644b2845884ce104f24651ee5
    SHA-256: 32339198fe38e4076d9a8dee434f8c49f011b71e7f2aa61a706b0b4da19cd6d8
    Size: 150.33 kB
  4. cups-devel-2.2.6-54.el8.x86_64.rpm
    MD5: a5faa65d1abc5a7c3110b20ffb49451a
    SHA-256: ec6e6b09964b9c95140a372311a7f00b1c2b86a5c8406b47845299e7bab4e872
    Size: 150.35 kB
  5. cups-filesystem-2.2.6-54.el8.noarch.rpm
    MD5: e260429b7d779f7c87235d3cc70435f6
    SHA-256: fc1a3c5111602fc5b08e4d505c7ed64ab4c68f11589e0e76e0e803dc811aa36f
    Size: 110.68 kB
  6. cups-ipptool-2.2.6-54.el8.x86_64.rpm
    MD5: 9323f53f4e2f834f323466f0f2444029
    SHA-256: b8f681db619c82bfc9f5cc1f1fc352dedd963b81dd795c88f9494b3f001674e0
    Size: 5.82 MB
  7. cups-libs-2.2.6-54.el8.i686.rpm
    MD5: d48b89c68e6e2d3241cb30135fea50a7
    SHA-256: 73164b2042d66cc89c2c489b6a5bc42ca3cc0784062ba65f0e08ba1ff983e08f
    Size: 460.80 kB
  8. cups-libs-2.2.6-54.el8.x86_64.rpm
    MD5: 1226a4da9fd4a92e70cfdd3e4733fbd4
    SHA-256: f851059c8d8083b492438a02ea441c63191f7d7371dbcb1b37301dc2475c2613
    Size: 434.33 kB
  9. cups-lpd-2.2.6-54.el8.x86_64.rpm
    MD5: 20a089adec04e0ac3d57aeac82a14ba2
    SHA-256: 6fbcaf483d959ab96c4b76650a1496f5de127148db3e9441acbcfdbdd6e0c580
    Size: 125.80 kB