:: Re: [DNG] Fwd: [oss-security] CUPS …
Top Page
Delete this message
Reply to this message
Author: Marjorie Roome
Date:  
To: dng
Subject: Re: [DNG] Fwd: [oss-security] CUPS printing system vulnerabilities
On Sat, 2024-09-28 at 10:08 +0200, Martin Steigerwald wrote:
> Hi!
>
> Martin Steigerwald - 27.09.24, 08:58:33 CEST:
> > So here you have it.
> […]
> > See here for full thread:
> >
> > https://www.openwall.com/lists/oss-security/2024/09/26/5
>
> This just arrived in Devuan Ceres today:
>
> cups (2.4.10-2) unstable; urgency=medium
>
>   [ Helge Kreutzmann ]
>   * Update German man page (2219t)
>
>   [ Thorsten Alteholz ]
>   * CVE-2024-47175
>     Fix CVE and upstream also added some extra hardening to patch
>     - validate URIs, attribute names, and capabilities
>       in cups/ppd-cache.c, scheduler/ipp.c
>     - sanitize make and model in cups/ppd-cache.c
>     - PPDize preset and template names in cups/ppd-cache.c
>     - quote PPD localized strings in  cups/ppd-cache.c
>     - fix warnings in cups/ppd-cache.c
>
>  -- Thorsten Alteholz […]  Thu, 26 Sep 2024 23:45:05 +0200
>
> Not sure whether that is a complete fix.


This update (fix?) has now landed in Daedulus.

> Anyway, I have no need for cups-browsed so it remains not installed.


I do have, and use cups-browsed, but port 631 is blocked from the
internet at my router's firewall.


--
Marjorie