Monday, October 21, 2024

[USN-7042-3] cups-browsed vulnerability

==========================================================================
Ubuntu Security Notice USN-7042-3
October 21, 2024

cups-browsed vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

cups-browsed could be made to run programs if it received specially crafted
network traffic.

Software Description:
- cups-browsed: OpenPrinting cups-browsed

Details:

USN-7042-2 released an improved fix for cups-browsed. This update provides
the corresponding update for Ubuntu 24.10.

Original advisory details:

Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, create manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables
support for the legacy CUPS printer discovery protocol.
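
For hosts still waiting on the update, the following added example (not part of the advisory or of Ubuntu's packaging) audits a cups-browsed configuration for the legacy CUPS discovery protocol. The path /etc/cups/cups-browsed.conf, the directive names BrowseRemoteProtocols and BrowseProtocols, and last-directive-wins parsing are assumptions about a typical cups-browsed install; the sample configurations are constructed.

```python
import os

CONF_PATH = "/etc/cups/cups-browsed.conf"  # assumed default location
# Directives that choose how remote printers are discovered (assumed names).
REMOTE_DIRECTIVES = {"browseremoteprotocols", "browseprotocols"}


def remote_protocols(conf_text):
    """Return the protocol list from the last matching directive, or None if unset."""
    found = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        fields = line.replace(",", " ").split()
        if fields[0].lower() in REMOTE_DIRECTIVES:
            found = [f.lower() for f in fields[1:]]  # assumption: last directive wins
    return found


def audit(conf_text):
    """Classify a configuration as 'legacy-enabled', 'legacy-disabled' or 'unset'."""
    protocols = remote_protocols(conf_text)
    if protocols is None:
        return "unset"  # compiled-in default applies; rely on the package version
    return "legacy-enabled" if "cups" in protocols else "legacy-disabled"


# Constructed sample configurations (not taken from any real host).
SAMPLE_LEGACY = """\
# BrowseRemoteProtocols none
BrowseRemoteProtocols dnssd cups
"""
# BrowseLocalProtocols does not affect discovery of remote printers.
SAMPLE_DNSSD_ONLY = "BrowseLocalProtocols cups\nBrowseRemoteProtocols dnssd\n"

if __name__ == "__main__":
    if os.path.exists(CONF_PATH):
        with open(CONF_PATH, encoding="utf-8", errors="replace") as fh:
            print(CONF_PATH, "->", audit(fh.read()))
    else:
        print("sample ->", audit(SAMPLE_LEGACY))
```

A result of "unset" means the configuration file does not decide the matter, so the installed package version listed under "Update instructions" is what to verify.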

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
cups-browsed 2.0.1-0ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7042-3
https://ubuntu.com/security/notices/USN-7042-2
https://ubuntu.com/security/notices/USN-7042-1
CVE-2024-47176

Package Information:
https://launchpad.net/ubuntu/+source/cups-browsed/2.0.1-0ubuntu2.1
