Alibaba Cloud Linux 2.1903 Security Advisory: ALINUX2-SA-2024:0040
Issued: 2024-12-02
Updated: 2024-12-02
Summary
cups-filters security update
Severity
Important
Description
Package updates are available for Alibaba Cloud Linux 2.1903 that fix the following vulnerabilities:
CVE-2024-47076:
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
CVE-2024-47175:
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
CVE-2024-47176:
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
CVE-2024-47850:
CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
References
Updated Packages
- aarch64
- cups-filters-1.0.35-29.1.al7.3.aarch64.rpm → (download)
- cups-filters-debuginfo-1.0.35-29.1.al7.3.aarch64.rpm → (download)
- cups-filters-devel-1.0.35-29.1.al7.3.aarch64.rpm → (download)
- cups-filters-libs-1.0.35-29.1.al7.3.aarch64.rpm → (download)
- i686
- cups-filters-1.0.35-29.1.al7.3.i686.rpm → (download)
- cups-filters-debuginfo-1.0.35-29.1.al7.3.i686.rpm → (download)
- cups-filters-devel-1.0.35-29.1.al7.3.i686.rpm → (download)
- cups-filters-libs-1.0.35-29.1.al7.3.i686.rpm → (download)
- src
- cups-filters-1.0.35-29.1.al7.3.src.rpm → (download)
- x86_64
- cups-filters-1.0.35-29.1.al7.3.x86_64.rpm → (download)
- cups-filters-debuginfo-1.0.35-29.1.al7.3.x86_64.rpm → (download)
- cups-filters-devel-1.0.35-29.1.al7.3.x86_64.rpm → (download)
- cups-filters-libs-1.0.35-29.1.al7.3.x86_64.rpm → (download)