:: Re: [DNG] Fwd: [oss-security] CUPS …
Góra strony
Wiadomość jest częścią wątku:
M\pełne drzewo wątku posortowane wg daty
MMJoel Roth at <-
MMMartin Steigerwald at ->
Delete this message
Reply to this message
Autor: Martin Steigerwald
Data:  
Dla: dng
Temat: Re: [DNG] Fwd: [oss-security] CUPS printing system vulnerabilities
Hi!

Martin Steigerwald - 27.09.24, 08:58:33 CEST:
> So here you have it.
[…]
> See here for full thread:
>
> https://www.openwall.com/lists/oss-security/2024/09/26/5

This just arrived in Devuan Ceres today:

cups (2.4.10-2) unstable; urgency=medium

[ Helge Kreutzmann ]
* Update German man page (2219t) 

  [ Thorsten Alteholz ]
  * CVE-2024-47175
    Fix CVE and upstream also added some extra hardening to patch
    - validate URIs, attribute names, and capabilities
      in cups/ppd-cache.c, scheduler/ipp.c
    - sanitize make and model in cups/ppd-cache.c
    - PPDize preset and template names in cups/ppd-cache.c
    - quote PPD localized strings in  cups/ppd-cache.c
    - fix warnings in cups/ppd-cache.c


-- Thorsten Alteholz […] Thu, 26 Sep 2024 23:45:05 +0200

Not sure whether that is a complete fix.

Anyway, I have no need for cups-browsed so it remains not installed.

Best,
--
Martin


Wiadomość została wysłana do następujących list mailowych:
dng
Informacja o liście mailowej | Najbliższe wiadomości		<-Re: [DNG] coredump et alRe: [DNG] Fwd: [oss-security] CUPS printing system vulnerabilities->

Donate to Dyne.org

dyne.org open discussions
administrowana przez dyne.org hackers		Lurker (wersja 2.3)