cups-filters-1.20.0-35.el8_10

エラータID: AXSA:2024-8879:04

Release date: 
Friday, October 4, 2024 - 10:56
Subject: 
cups-filters-1.20.0-35.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.

Security Fix(es):

* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-47076
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVE-2024-47175
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CVE-2024-47176
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

Solution: 

Update packages.

CVEs: 
CVE-2024-47076
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVE-2024-47175
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CVE-2024-47176
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
Additional Info: 

N/A

Download: 

SRPMS
  1. cups-filters-1.20.0-35.el8_10.src.rpm
    MD5: d8b55006eda3067186a528de7584a552
    SHA-256: 68ecb2fcad2300c55382dab557ff0d1d79d63e8faa2627e650fdbd5fc780b93b
    Size: 1.48 MB

Asianux Server 8 for x86_64
  1. cups-filters-1.20.0-35.el8_10.x86_64.rpm
    MD5: 5263880f893f816a081060af480c10bc
    SHA-256: 474cb29ed2292a07c9c0b555b18e76e3fc9471407d8acb03cc59ee0e50207a32
    Size: 768.93 kB
  2. cups-filters-devel-1.20.0-35.el8_10.i686.rpm
    MD5: 33a60db18f7da492daea6a34bda31c7d
    SHA-256: 7c1a8616d12f8b7e60824c0ba0c840f4e66361d4bd03466ee4883d4f9df27e77
    Size: 35.88 kB
  3. cups-filters-devel-1.20.0-35.el8_10.x86_64.rpm
    MD5: 507e11948ff13dc541a2b360f8f505be
    SHA-256: 7f5c9e75a0e886dac3bfe18113ded762d1b4486b45398efca2b11237b76a08b5
    Size: 35.87 kB
  4. cups-filters-libs-1.20.0-35.el8_10.i686.rpm
    MD5: 048a2a1bc266883ff6c357650e9bca72
    SHA-256: 04b338c8d77c07b0dc5ef4e28657da66930b7c9f8c1fd6dab070651363c4cfa0
    Size: 145.01 kB
  5. cups-filters-libs-1.20.0-35.el8_10.x86_64.rpm
    MD5: 0c8571a959c2129b71147221d46a5684
    SHA-256: fa1428dd9db47601c286dc4bff2b2d185ac1e9e4a6fb1f169b569f0316c932e7
    Size: 136.33 kB