:: Re: [DNG] Fwd: [oss-security] CUPS …
Top Pagina
Deze boodschap maakt deel uit van devolgende draad:
M\de volledige draad-boom gesorteerd op datum
MMJoel Roth op <-
MMartin Steigerwald op ->
Delete this message
Reply to this message
Auteur: Martin Steigerwald
Datum:  
Aan: dng
Onderwerp: Re: [DNG] Fwd: [oss-security] CUPS printing system vulnerabilities
Hi!

Martin Steigerwald - 27.09.24, 08:58:33 CEST:
> So here you have it.
[…]
> See here for full thread:
>
> https://www.openwall.com/lists/oss-security/2024/09/26/5

This just arrived in Devuan Ceres today:

cups (2.4.10-2) unstable; urgency=medium

[ Helge Kreutzmann ]
* Update German man page (2219t) 

  [ Thorsten Alteholz ]
  * CVE-2024-47175
    Fix CVE and upstream also added some extra hardening to patch
    - validate URIs, attribute names, and capabilities
      in cups/ppd-cache.c, scheduler/ipp.c
    - sanitize make and model in cups/ppd-cache.c
    - PPDize preset and template names in cups/ppd-cache.c
    - quote PPD localized strings in  cups/ppd-cache.c
    - fix warnings in cups/ppd-cache.c


-- Thorsten Alteholz […] Thu, 26 Sep 2024 23:45:05 +0200

Not sure whether that is a complete fix.

Anyway, I have no need for cups-browsed so it remains not installed.

Best,
--
Martin


Deze boodschap werd naar devolgende mailinglijsten gestuurd:
dng
Mailing Lijst Info | Nabije Berichten		<-Re: [DNG] coredump et alRe: [DNG] Fwd: [oss-security] CUPS printing system vulnerabilities->

Donate to Dyne.org

dyne.org open discussions
beheerd door dyne.org hackers		Lurker (versie 2.3)