|
|
Subscribe / Log in / New account

Debian alert DLA-3440-1 (cups)



From:
              Thorsten Alteholz <debian@alteholz.de>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 3440-1] cups security update


Date:
              Thu, 01 Jun 2023 21:26:45 +0000


Message-ID:
              <alpine.DEB.2.21.2306012125190.32453@postfach.intern.alteholz.me>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3440-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
June 01, 2023                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cups
Version        : 2.2.10-6+deb10u7
CVE ID         : CVE-2023-32324


An issue has been found in cups, the Common UNIX Printing System.
Due to a buffer overflow vulnerability in the function format_log_line()
a remote attackers could cause a denial-of-service(DoS). The vulnerability 
can be triggered when the configuration file cupsd.conf sets the value of 
"loglevel" to "DEBUG".


For Debian 10 buster, this problem has been fixed in version
2.2.10-6+deb10u7.

We recommend that you upgrade your cups packages.

For the detailed security status of cups please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cups

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmR5DRVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcBlA//cBaLIKhAOzMADdc9oNWLTU0jrrYO/HWL/b5ao8IqQ10j9QeGI1gYD4a3
M7YkFi4V4XTZYCQz6ORHG4lwHpOlAKqPoxfkFfipRyBxo5Xtt1d/swSNAdj1k9CB
H2u9XwhmaXqPMThZcOaUiHiPa12GA9FKQtVTLIjIpgvEQIa5gZYXSj3pIf6ZfoLY
VrtoHzcBMOdIa74kkU7S4O6gGB2xhWXXPuHYcVrc8dD97FxDpyGUKop3nFDYI+JL
BlLMQidRczE85QthOFSPU3948Iqs+sX0o9xV9P+eybmtx8d3hgpJ7RGp5uErVpbk
xR26dFGvPndfT+QzQ4jJpEYyE3xyHObmmfFY8weccSEXBC9gPwdQdbceLuz/cm8j
KdXqw8ceta+MRH0oigQLRH2Q0husceX5Lvila3X1fAQN1AfibBN1fELoQYn/ZheK
ejkXUY9xbLB+mWJTS3GtuYzw2hPZMkME/fXE95us1vYhTRtg3g+6OWZ+foVGsDOQ
tCJ0+/7YIcJrYNGwXD0EyxJ0x8uo1x5q0FHlOtFjWv6iitmRJvx52Ee8d6c+CVl4
kgj4J/KdJWWClPrQAYCX8uVVO43hLRfC7/hIo/X9yqvCc7ERwzNFSVdWVJxsNbkT
wUxsLzoZrZinrttuKwgjyCOLnK7LiPb64BXsGe+oVlOvD20cxYk=
=oZJ7
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds