Ubuntu alert USN-7043-2 (cups-filters)
| From: | "Leonidas S. Barbosa" <leo.barbosa@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7043-2] cups-filters vulnerability | |
| Date: | Tue, 01 Oct 2024 11:48:16 -0300 | |
| Message-ID: | <20241001144816.GA3748948@d4rkl41n> |
========================================================================== Ubuntu Security Notice USN-7043-2 October 01, 2024 cups-filters vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: cups-filters could be made to run programs if it received specially crafted network traffic. Software Description: - cups-filters: OpenPrinting CUPS Filters Details: USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS cups-browsed 1.20.2-0ubuntu3.3+esm1 Available with Ubuntu Pro cups-filters 1.20.2-0ubuntu3.3+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7043-2 https://ubuntu.com/security/notices/USN-7043-1 CVE-2024-47176
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmb8C60ACgkQRbznW4QL H2mQag//WWPMVYitbHt7jOxEMBH3P6aHUdV9VvjKEmEIVWLrFl6Hp0e2vNx50GZI q2xDN6qPmoi8+qcg4oCsH/dK1sDjAy5N5MrBSIR9FQNmnccJaKuy2Imjvs9OVuG5 bAK+9FByU2WqgRroriRR/B1N29UbKhHBouZKFbcwgulD4sNErunsC8QEnViuFFlT YoHVhftjfwxC7U7y0uFvltazewrwqm0ftmofcF6grGUIK+AYMxJ868tu4hlk12At YGgF8btJL5EDpCsmR3HKnPiCAPfb0qK/sfnwL5OdU4fBdIlF9bj4I/Ydkc5+8vA1 3TdYaBeuuJYOf02b08PSDb3rZC2sw1Ejx4G3C87ud4ItTVQgoC3LtHsamy3W/End jKAuxxbxBamW5s/kzhkfIFfG8r3jVXs0GWa5+ZzvGqKEK1JP2onwPGVFdUDmFVDy /I7r4DIOhB6w5muC41KREFtuOYuPlYC4maJk87DfLForLelWIctUZArlKwdB3n9u reZKRTdsc3DduRpgxrQca/Fs1adc8vJd39ICgFzuZExVPPsonEBh6mImUclSR+o6 8KNWbibJqSzO9AQ4FtpemkQBrDYlHm2S/j+j/GiK2PRZoF52wj2Z5bIzOAhdF5vG jiCC/G45pC7hqg6a0ubbq6tqx1MF8QRAPxKNYp3ySxBLySVwfuQ= =YbvX -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)