cups-filters-1.28.7-17.el9_4
エラータID: AXSA:2024-8862:03
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-47076
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVE-2024-47175
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CVE-2024-47176
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.
Update packages.
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.
N/A
SRPMS
- cups-filters-1.28.7-17.el9_4.src.rpm
MD5: 1424ba77b06b93e6b7e759958797672c
SHA-256: c2e9ea5e7bff087f161f3b274118a93f60e44ee78a5c191da10729a10e20b49a
Size: 1.47 MB
Asianux Server 9 for x86_64
- cups-filters-1.28.7-17.el9_4.x86_64.rpm
MD5: d0275668941e47fe5f11c1170578f5c9
SHA-256: ccb59a340eedab4424c944006c32f3ab092da161e075c05f35c6a2ebc734f9d0
Size: 783.31 kB - cups-filters-devel-1.28.7-17.el9_4.i686.rpm
MD5: 7602aef611433ba7fd7e223749536381
SHA-256: d9f95b25d62ff8e2ff6c97838fbfca711b71db60935dff46cc59aadfb9c30f0d
Size: 23.29 kB - cups-filters-devel-1.28.7-17.el9_4.x86_64.rpm
MD5: 0b57141bbd2126b4173be91551226f75
SHA-256: be0452ea23bd47c8bc9695136abb9774cb839168c6b6161efbadec0bb2ed5773
Size: 23.29 kB - cups-filters-libs-1.28.7-17.el9_4.i686.rpm
MD5: 8f2e5f39d7218c4c13920fc6c8178213
SHA-256: ec1d9f822ae8f6764c84922b4e767ebf335dca9825688bf268843eef015b5205
Size: 142.16 kB - cups-filters-libs-1.28.7-17.el9_4.x86_64.rpm
MD5: c6657c86eeeb35bbbdc6b91afb0016a3
SHA-256: 1ad45179b7b79577c7e08ed85b581965de2f125880878277463355d4e805ca61
Size: 132.92 kB