Ubuntu alert USN-6844-2 (cups)
From: Sudhakar Verma <sudhakar.verma@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Subject: [USN-6844-2] CUPS regression
Date: Tue, 02 Jul 2024 15:14:18 +0530
Message-ID: <52555e89-6393-48bf-a8d9-1ce88906009a@canonical.com>
==========================================================================
Ubuntu Security Notice USN-6844-2
June 28, 2024

cups regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-6844-1 caused the cupsd daemon to never start

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

USN-6844-1 fixed vulnerabilities in the CUPS package. The update led to
the discovery of a regression in CUPS with regard to how the cupsd daemon
handles the Listen configuration directive. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 Rory McNamara discovered that when starting the cupsd server with a
 Listen configuration item, the cupsd process fails to validate whether
 the bind call succeeded. An attacker could possibly trick cupsd into
 performing an arbitrary chmod of the provided argument, providing
 world-writable access to the target.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  cups                            2.4.7-1.2ubuntu7.2
  cups-daemon                     2.4.7-1.2ubuntu7.2

Ubuntu 23.10
  cups                            2.4.6-0ubuntu3.2
  cups-daemon                     2.4.6-0ubuntu3.2

Ubuntu 22.04 LTS
  cups                            2.4.1op1-1ubuntu4.10
  cups-daemon                     2.4.1op1-1ubuntu4.10

Ubuntu 20.04 LTS
  cups                            2.3.1-9ubuntu1.8
  cups-daemon                     2.3.1-9ubuntu1.8

Ubuntu 18.04 LTS
  cups                            2.2.7-1ubuntu2.10+esm5
                                  Available with Ubuntu Pro
  cups-daemon                     2.2.7-1ubuntu2.10+esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  cups                            2.1.3-4ubuntu0.11+esm7
                                  Available with Ubuntu Pro
  cups-daemon                     2.1.3-4ubuntu0.11+esm7
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6844-2
  https://ubuntu.com/security/notices/USN-6844-1
  https://launchpad.net/bugs/2070315

Package Information:
  https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.2
  https://launchpad.net/ubuntu/+source/cups/2.4.6-0ubuntu3.2
  https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubunt...
  https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.8
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
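
The missing check described under "Original advisory details", shown as an added C illustration rather than CUPS source code. The names `listen_unix` and `mode_of`, the `0777` mode and the temporary file path are assumptions made for the example; with `check_bind` set, a failed `bind()` leaves the permissions of the existing file untouched.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Added illustration, not CUPS source. Returns the listening fd, or -1.
 * check_bind = 0 ignores the bind() result (the flaw); 1 is the hardened form. */
int listen_unix(const char *path, int check_bind)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int fd, rc;
    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    strcpy(addr.sun_path, path);
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    if (rc == 0 || !check_bind)   /* hardened form skips this when bind() failed */
        chmod(path, 0777);        /* assumed mode; applies to whatever path names */
    if (rc < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of path, or -1 if stat() fails. */
int mode_of(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

int main(void)
{
    char path[] = "/tmp/usn6844-demo-XXXXXX";  /* constructed sample file */
    int tfd = mkstemp(path);                    /* file exists, so bind() fails */
    if (tfd < 0)
        return 1;
    close(tfd);
    for (int check = 1; check >= 0; check--) {
        listen_unix(path, check);
        printf("check_bind=%d -> mode %o\n", check, mode_of(path));
    }
    unlink(path);
    return 0;
}
```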
