:: Re: [DNG] Fwd: [oss-security] CUPS …
Top Page
Delete this message
Reply to this message
Author: Martin Steigerwald
Date:  
To: dng
Subject: Re: [DNG] Fwd: [oss-security] CUPS printing system vulnerabilities
Hi!

Martin Steigerwald - 27.09.24, 08:58:33 CEST:
> So here you have it.

[…]
> See here for full thread:
>
> https://www.openwall.com/lists/oss-security/2024/09/26/5


This just arrived in Devuan Ceres today:

cups (2.4.10-2) unstable; urgency=medium

[ Helge Kreutzmann ]
* Update German man page (2219t)

  [ Thorsten Alteholz ]
  * CVE-2024-47175
    Fix CVE and upstream also added some extra hardening to patch
    - validate URIs, attribute names, and capabilities
      in cups/ppd-cache.c, scheduler/ipp.c
    - sanitize make and model in cups/ppd-cache.c
    - PPDize preset and template names in cups/ppd-cache.c
    - quote PPD localized strings in  cups/ppd-cache.c
    - fix warnings in cups/ppd-cache.c


-- Thorsten Alteholz […] Thu, 26 Sep 2024 23:45:05 +0200

Not sure whether that is a complete fix.

Anyway, I have no need for cups-browsed so it remains not installed.

Best,
--
Martin