cups-filters-1.28.7-17.el9_4
エラータID: AXSA:2024-8862:03
リリース日:
2024/09/30 Monday - 10:30
題名:
cups-filters-1.28.7-17.el9_4
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- CUPS の libcupsfilters の cfGetPrinterAttributes5() 関数
には、IPP サーバーから返される IPP 属性の検証処理が
不足している問題があるため、リモートの攻撃者により、
細工された IPP データの送信を介して、不正なプリンター
の追加による情報の漏洩、および IPP URL の置換による
プリンターの乗っ取りなどを可能とする脆弱性が存在
します。(CVE-2024-47076)
- CUPS の libppd の ppdCreatePPDFromIPP2() 関数には、
PPD ファイルへの書き込み時における IPP 属性のチェック
処理が不足しているため、リモートの攻撃者により、細工
された IPP データの送信を介して、PPD ファイルへの不正
なコマンドの挿入を可能とする脆弱性が存在します。
(CVE-2024-47175)
- CUPS の cups-browsed には、送信元の制限をせずに
631/UDP からのパケットを処理してしまう問題があるため、
リモートの攻撃者により、不正な Get-Printer-Attributes IPP
リクエストの処理によるプリンタ情報の漏洩、および任意
のコードの実行を可能とする脆弱性が存在します。
(CVE-2024-47176)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-47076
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVE-2024-47175
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CVE-2024-47176
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled.
追加情報:
N/A
ダウンロード:
SRPMS
- cups-filters-1.28.7-17.el9_4.src.rpm
MD5: 1424ba77b06b93e6b7e759958797672c
SHA-256: c2e9ea5e7bff087f161f3b274118a93f60e44ee78a5c191da10729a10e20b49a
Size: 1.47 MB
Asianux Server 9 for x86_64
- cups-filters-1.28.7-17.el9_4.x86_64.rpm
MD5: d0275668941e47fe5f11c1170578f5c9
SHA-256: ccb59a340eedab4424c944006c32f3ab092da161e075c05f35c6a2ebc734f9d0
Size: 783.31 kB - cups-filters-devel-1.28.7-17.el9_4.i686.rpm
MD5: 7602aef611433ba7fd7e223749536381
SHA-256: d9f95b25d62ff8e2ff6c97838fbfca711b71db60935dff46cc59aadfb9c30f0d
Size: 23.29 kB - cups-filters-devel-1.28.7-17.el9_4.x86_64.rpm
MD5: 0b57141bbd2126b4173be91551226f75
SHA-256: be0452ea23bd47c8bc9695136abb9774cb839168c6b6161efbadec0bb2ed5773
Size: 23.29 kB - cups-filters-libs-1.28.7-17.el9_4.i686.rpm
MD5: 8f2e5f39d7218c4c13920fc6c8178213
SHA-256: ec1d9f822ae8f6764c84922b4e767ebf335dca9825688bf268843eef015b5205
Size: 142.16 kB - cups-filters-libs-1.28.7-17.el9_4.x86_64.rpm
MD5: c6657c86eeeb35bbbdc6b91afb0016a3
SHA-256: 1ad45179b7b79577c7e08ed85b581965de2f125880878277463355d4e805ca61
Size: 132.92 kB