Issued:: 2024-10-01
Updated:: 2024-10-01

RHSA-2024:7461 - Security Advisory

Overview
Updated Packages

Synopsis

Important: cups-filters security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for cups-filters is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.

Security Fix(es):

cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
cups: libppd: remote command injection via attacker controlled data in PPD file ()

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2314252 - CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
BZ - 2314253 - CVE-2024-47076 cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes
BZ - 2314256 - cups: libppd: remote command injection via attacker controlled data in PPD file

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
cups-filters-1.20.0-19.el8_2.2.src.rpm	SHA-256: 4f04f8937890c535570e073f3318b2d8cd5cfcc973d78ecb9397980291bf3ef6
x86_64
cups-filters-1.20.0-19.el8_2.2.x86_64.rpm	SHA-256: ff46bf3e4771423b8a26cb246d635a42ada5d95022431109438f9ef04a9639c4
cups-filters-debuginfo-1.20.0-19.el8_2.2.i686.rpm	SHA-256: fd3ea4044fa3136347650ceb516e6d179a8435c1464336fd4348f898ae28a259
cups-filters-debuginfo-1.20.0-19.el8_2.2.x86_64.rpm	SHA-256: 37116a92b5d15120b1bbe0e37c2049a1cf156ff0245b46f9ea047efe82ba22f4
cups-filters-debugsource-1.20.0-19.el8_2.2.i686.rpm	SHA-256: a85a260e9586c17dcd6c4a501672f03f0ef5203d0b6076bdd9665be016c283c7
cups-filters-debugsource-1.20.0-19.el8_2.2.x86_64.rpm	SHA-256: eb1d30356ce01f1e4278444eab0a903abc476cfbe121ab3fabc1ec56b26605c0
cups-filters-libs-1.20.0-19.el8_2.2.i686.rpm	SHA-256: 5241e24c59cca2b6624454a503f69b4092b685772c8f6e551202e790198aa21e
cups-filters-libs-1.20.0-19.el8_2.2.x86_64.rpm	SHA-256: e3324f726c6f123d2e4e55916e857fd6b98d29cabf11ac9c3da207f19da76725
cups-filters-libs-debuginfo-1.20.0-19.el8_2.2.i686.rpm	SHA-256: 23b309a3c1acfa24b610a6f1806902046f4f92fcbf5f0a8d10bed6e7eae7c670
cups-filters-libs-debuginfo-1.20.0-19.el8_2.2.x86_64.rpm	SHA-256: 77516692171269ed88f11f237d549f74ee85b6fd7d228acadc3a98cb700a8656

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation