cups-filters-1.20.0-29.el8.2
エラータID: AXSA:2023-6177:04
リリース日:
2023/06/30 Friday - 03:01
題名:
cups-filters-1.20.0-29.el8.2
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- CUPS Filters の beh.c には、入力された文字列をサニタイズしない
問題があるため、リモートの攻撃者により、Backend Error Handler
(beh) を用いて作成されたアクセス可能なネットワークプリンターを
介して、リモートコード実行を可能とする脆弱性が存在します。
(CVE-2023-24805)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-24805
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.
追加情報:
N/A
ダウンロード:
SRPMS
- cups-filters-1.20.0-29.el8.2.src.rpm
MD5: f9c5b996a6d750c4813cec070dd6cd53
SHA-256: b64dcfd91fbc9492d3e199bbf3a2d442d36e6b052354826b93f41a5714f196b7
Size: 1.47 MB
Asianux Server 8 for x86_64
- cups-filters-1.20.0-29.el8.2.x86_64.rpm
MD5: 66be1bbc643c07091269776cf7f4cb1c
SHA-256: d8b0fbb0fae385a6a56496146acff1d7515e05bd5f0e34a4055dc579d9b44e66
Size: 765.41 kB - cups-filters-devel-1.20.0-29.el8.2.i686.rpm
MD5: c13b4e33be78fedd74350bfbc41645eb
SHA-256: f6e03b2a7ed4688e1c9e14e26c83ead93742eda3889e6eab74b46e3ade029005
Size: 34.99 kB - cups-filters-devel-1.20.0-29.el8.2.x86_64.rpm
MD5: 44dfb4bf7533425b035b6819d438cb07
SHA-256: 4a989667e72f8828acfb036171419f18c15f9f0fd4995650ff244f53eb6386ad
Size: 34.98 kB - cups-filters-libs-1.20.0-29.el8.2.i686.rpm
MD5: 54cbc4a646546e070a9bf0c39b30fd19
SHA-256: db521a24b7d100514cd330f2a9ad6297f69ddda54667daa21fddc029fc7f1b0d
Size: 143.47 kB - cups-filters-libs-1.20.0-29.el8.2.x86_64.rpm
MD5: 7d61d7160649cefacff6a9475fac3f2b
SHA-256: c1d275d4090783609329b416751a7c04c4f98f2a5e8cc25723b53a8348de0434
Size: 134.98 kB
English