suse-su-2025:20090-1
Vulnerability from csaf_suse
Published
2025-02-03 09:10
Modified
2025-02-03 09:10
Summary
Security update for cups
Notes
Title of the patch
Security update for cups
Description of the patch
This update for cups fixes the following issues:
- Version upgrade to 2.4.11:
See https://github.com/openprinting/cups/releases
CUPS 2.4.11 brings several bug fixes regarding IPP response
validation, processing PPD values, Web UI support
(checkbox support, modifying printers) and other fixes.
Detailed list (from CHANGES.md):
* Updated the maximum file descriptor limit
for `cupsd` to 64k-1 (Issue #989)
* Fixed `lpoptions -d` with a discovered
but not added printer (Issue #833)
* Fixed incorrect error message for HTTP/IPP errors (Issue #893)
* Fixed JobPrivateAccess and SubscriptionPrivateAccess support
for "all" (Issue #990)
* Fixed issues with cupsGetDestMediaByXxx (Issue #993)
* Fixed adding and modifying of printers
via the web interface (Issue #998)
* Fixed HTTP PeerCred authentication
for domain users (Issue #1001)
* Fixed checkbox support (Issue #1008)
* Fixed printer state notifications (Issue #1013)
* Fixed IPP Everywhere printer setup (Issue #1033)
Issues are those at https://github.com/OpenPrinting/cups/issues
In particular, CUPS 2.4.11 contains these commits regarding
IPP response validation and processing PPD values:
* "Quote PPD localized strings"
https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd
plus a cleanup to "Fix warnings for unused vars"
https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b
- Version upgrade to 2.4.10:
See https://github.com/openprinting/cups/releases
CUPS 2.4.10 brings two fixes:
* Fixed error handling when reading a mixed 1setOf attribute.
* Fixed scheduler start if there is only a domain socket
to listen on (Issue #985); this fixes a regression introduced
by the fix for CVE-2024-35235 in scenarios where cupsd.conf has
no listener other than a domain socket created on demand by
systemd, launchd or upstart.
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.9:
See https://github.com/openprinting/cups/releases
CUPS 2.4.9 brings the security fix for CVE-2024-35235 and
several bug fixes regarding the CUPS web user interface,
PPD generation and the HTTP protocol implementation.
Detailed list (from CHANGES.md):
* Fixed domain socket handling (CVE-2024-35235)
* Fixed creating of `cupsUrfSupported` PPD keyword
(Issue #952)
* Fixed searching for destinations in web ui (Issue #954)
* Fixed TLS negotiation using OpenSSL with servers
that require the TLS SNI extension.
* Really raised `cups_enum_dests()` timeout for listing
available IPP printers (Issue #751)...
* Fixed `Host` header regression (Issue #967)
* Fixed DNS-SD lookups of local services with Avahi
(Issue #970)
* Fixed listing jobs in destinations in web ui.
(Apple issue #6204)
* Fixed showing search query in web ui help page.
(Issue #977)
Issues are those at https://github.com/OpenPrinting/cups/issues
Apple issues are those at https://github.com/apple/cups/issues
- Update to version 2.4.8:
See https://github.com/openprinting/cups/releases
CUPS 2.4.8 brings many bug fixes that accumulated over the last
half year. It brings an important fix for race conditions and
errors that can occur when installing a permanent IPP Everywhere
printer, support for the PAM modules password-auth and
system-auth, and a new option for lpstat that shows only
successful jobs.
Detailed list (from CHANGES.md):
* Added warning if the device has to be asked for
'all,media-col-database' separately (Issue #829)
* Added new value for 'lpstat' option '-W' - successful - for
getting successfully printed jobs (Issue #830)
* Added support for PAM modules password-auth
and system-auth (Issue #892)
* Updated IPP Everywhere printer creation error
reporting (Issue #347)
* Updated and documented the MIME typing buffering
limit (Issue #925)
* Raised 'cups_enum_dests()' timeout for listing
available IPP printers (Issue #751)
* Now report an error for temporary printer defaults
with lpadmin (Issue #237)
* Fixed mapping of PPD InputSlot, MediaType,
and OutputBin values (Issue #238)
* Fixed "document-unprintable-error" handling (Issue #391)
* Fixed the web interface not showing an error
for a non-existent printer (Issue #423)
* Fixed printing of jobs with job name longer than 255 chars
on older printers (Issue #644)
* Really backported fix for Issue #742
* Fixed 'cupsCopyDestInfo' device connection
detection (Issue #586)
* Fixed "Upgrade" header handling when there is
no TLS support (Issue #775)
* Fixed memory leak when unloading a job (Issue #813)
* Fixed memory leak when creating color profiles (Issue #815)
* Fixed a punch finishing bug in the IPP Everywhere
support (Issue #821)
* Fixed crash in 'scan_ps()' if incoming argument
is NULL (Issue #831)
* Fixed setting job state reasons for successful
jobs (Issue #832)
* Fixed infinite loop in IPP backend if hostname
is IP address with Kerberos (Issue #838)
* Added additional check on socket if 'revents' from 'poll()'
returns POLLHUP together with POLLIN or POLLOUT
in 'httpAddrConnect2()' (Issue #839)
* Fixed crash in 'ppdEmitString()' if 'size' is NULL (Issue #850)
* Fixed reporting 'media-source-supported' when
sharing printer which has numbers as strings instead of
keywords as 'InputSlot' values (Issue #859)
* Fixed IPP backend to support the "print-scaling" option
with IPP printers (Issue #862)
* Fixed potential race condition for the creation
of temporary queues (Issue #871)
* Fixed 'httpGets' timeout handling (Issue #879)
* Fixed checking for required attributes during
PPD generation (Issue #890)
* Fixed encoding of IPv6 addresses in HTTP requests (Issue #903)
* Fixed sending response headers to client (Issue #927)
* Fixed CGI program initialization and validation
of form checkbox and text fields.
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.7:
See https://github.com/openprinting/cups/releases
CUPS 2.4.7 is released to ship the fix for CVE-2023-4504
and several other changes, among them OpenSSL support for
the cupsHashData function and bug fixes.
Detailed list:
* CVE-2023-4504 - Fixed a heap-based buffer overflow when
reading PostScript in PPD files
* Added OpenSSL support for cupsHashData (Issue #762)
* Fixed delays in lpd backend (Issue #741)
* Fixed extensive logging in scheduler (Issue #604)
* Fixed hanging of lpstat on IBM AIX (Issue #773)
* Fixed hanging of lpstat on Solaris (Issue #156)
* Fixed printing to stderr if we can't open cups-files.conf
(Issue #777)
* Fixed purging job files via cancel -x (Issue #742)
* Fixed RFC 1179 port reserving behavior in LPD backend
(Issue #743)
* Fixed a bug in the PPD command interpretation code
(Issue #768)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.6:
See https://github.com/openprinting/cups/releases
CUPS 2.4.6 is released to ship the fix for CVE-2023-34241
and two other bug fixes.
Detailed list:
* Fix linking error on old MacOS (Issue #715)
* Fix printing multiple files on specific printers (Issue #643)
* Fix use-after-free when logging warnings in case of failures
in cupsdAcceptClient() (fixes CVE-2023-34241)
Issues are those at https://github.com/OpenPrinting/cups/issues
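An added illustration, not CUPS source code, of the bug class behind the CVE-2023-34241 fix. The advisory's CVE description says httpClose() frees the connection handle and cupsdLogClient() then passes that freed handle to httpGetHostname(). The stand-in types and functions below (http_t, http_open, http_close, http_get_hostname, accept_client_vulnerable, accept_client_fixed, demo_logs_hostname) are hypothetical; the fix shown is the ordering change: read what the log line needs, then free the handle.

```c
/*
 * Added illustration (not CUPS source) of a log-after-free bug and its
 * fix by reordering. All names here are hypothetical stand-ins.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {               /* stand-in for a scheduler connection handle */
  char hostname[64];
} http_t;

http_t *http_open(const char *host)
{
  http_t *h = calloc(1, sizeof(*h));
  if (h)
    strncpy(h->hostname, host, sizeof(h->hostname) - 1);
  return h;
}

void http_close(http_t *h)     /* frees the handle, as httpClose() does */
{
  free(h);
}

const char *http_get_hostname(http_t *h)
{
  return h->hostname;
}

/* Vulnerable ordering: the handle is freed, then read to build the log
 * line. Shown for contrast only; reading freed memory is undefined
 * behaviour, so this function is never called. */
void accept_client_vulnerable(http_t *h, char *log, size_t loglen)
{
  http_close(h);
  snprintf(log, loglen, "Refused connection from %s", http_get_hostname(h));
}

/* Hardened ordering: read everything the log line needs, then close.
 * Returns the number of characters snprintf() wanted to write. */
int accept_client_fixed(http_t *h, char *log, size_t loglen)
{
  int n = snprintf(log, loglen, "Refused connection from %s", http_get_hostname(h));
  http_close(h);               /* h must not be used after this point */
  return n;
}

/* Demo: open a handle for a constructed peer name, run the fixed path and
 * report whether the log line contains that name. Returns 1 on success. */
int demo_logs_hostname(const char *host)
{
  char line[128];
  http_t *h = http_open(host);
  if (!h)
    return 0;
  accept_client_fixed(h, line, sizeof(line));
  return strstr(line, host) != NULL;
}

int main(void)
{
  printf("%s\n", demo_logs_hostname("printer.example.test") ? "ok" : "FAIL");
  return 0;
}
```

The same pattern applies to any resource whose close routine also frees it: collect the fields the diagnostic needs into locals first, or log before closing, rather than relying on a freed pointer still holding readable data.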
- Version upgrade to 2.4.5:
See https://github.com/openprinting/cups/releases
CUPS 2.4.5 is a hotfix release for a bug that corrupted
locally saved certificates, which broke TLS-secured printing
after the first print job.
- Version upgrade to 2.4.4:
See https://github.com/openprinting/cups/releases
CUPS 2.4.4 is a hotfix release for a segfault in
cupsGetNamedDest() when the caller looks up the default
destination and no default destination is set on the machine.
- Version upgrade to 2.4.3:
See https://github.com/openprinting/cups/releases
CUPS 2.4.3 brings the fix for CVE-2023-32324, several
improvements and many bug fixes. CUPS now implements a fallback
for printers whose firmware cannot answer the IPP
get-printer-attributes request for "all,media-col-database";
this enables driverless support for many printers that do not
follow the IPP Everywhere standard. Aside from the CVE fix, the
most important fixes concern color settings, printer application
support and OpenSSL support.
Detailed list of changes:
* Added a title with device uri for found network printers
(Issues #402, #393)
* Added new media sizes defined by IANA (Issue #501)
* Added quirk for GoDEX label printers (Issue #440)
* Fixed --enable-libtool-unsupported (Issue #394)
* Fixed configuration on RISC-V machines (Issue #404)
* Fixed the device_uri invalid pointer for driverless printers
with .local hostname (Issue #419)
* Fixed an OpenSSL crash bug (Issue #409)
* Fixed a potential SNMP OID value overflow issue (Issue #431)
* Fixed an OpenSSL certificate loading issue (Issue #465)
* Fixed Brazilian Portuguese translations (Issue #288)
* Fixed cupsd default keychain location when building
with OpenSSL (Issue #529)
* Fixed default color settings for CMYK printers as well
(Issue #500)
* Fixed duplicate PPD2IPP media-type names (Issue #688)
* Fixed possible heap buffer overflow in _cups_strlcpy()
(fixes CVE-2023-32324)
* Fixed InputSlot heuristic for photo sizes smaller than 5x7"
if there is no media-source in the request (Issue #569)
* Fixed invalid memory access during generating IPP Everywhere
queue (Issue #466)
* Fixed lprm if no destination is provided (Issue #457)
* Fixed memory leaks in create_local_bg_thread() (Issue #466)
* Fixed media size tolerance in ippeveprinter (Issue #487)
* Fixed passing command name without path into ippeveprinter
(Issue #629)
* Fixed saving strings file path in printers.conf (Issue #710)
* Fixed TLS certificate generation bugs (Issue #652)
* ippDeleteValues would not delete the last value (Issue #556)
* Ignore some of IPP defaults if the application sends
its PPD alternative (Issue #484)
* Make Letter the default size in ippevepcl (Issue #543)
* Now accessing Admin page in Web UI requires authentication
(Issue #518)
* Now look for default printer on network if needed (Issue #452)
* Now we poll media-col-database separately if we fail at first
(Issue #599)
* Now report fax attributes and values as needed (Issue #459)
* Now localize HTTP responses using the Content-Language value
(Issue #426)
* Raised file size limit for importing PPD via Web UI
(Issue #433)
* Raised maximum listen backlog size to INT MAX (Issue #626)
* Update print-color-mode if the printer is modified
via ColorModel PPD option (Issue #451)
* Use localhost when printing via printer application
(Issue #353)
* Write defaults into /etc/cups/lpoptions if we're root
(Issue #456)
Issues are those at https://github.com/OpenPrinting/cups/issues
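An added illustration, not CUPS source code, for the bounded-copy bug class named in the 2.4.3 entry (heap buffer overflow in _cups_strlcpy(), CVE-2023-32324; the advisory's CVE description places the trigger in log-line formatting with LogLevel debug). The advisory does not state the exact root cause, so the unsafe variant below is a generic example of how a strlcpy-style helper can overflow when its size arithmetic assumes a non-zero size, not a reproduction of the CUPS code. All names (unsafe_strlcpy, safe_strlcpy, append_field, demo_*) and the sample log fields are hypothetical.

```c
/*
 * Added illustration (not CUPS source): a strlcpy-style helper that is
 * unsafe for size == 0, a hardened one, and a log-line assembler that
 * recomputes the remaining space per field so that space can reach 0.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern: 'size - 1' wraps to SIZE_MAX when size == 0, so the
 * length clamp never limits the copy. For contrast only; never called. */
size_t unsafe_strlcpy(char *dst, const char *src, size_t size)
{
  size_t srclen = strlen(src);
  size--;                                   /* underflows when size == 0 */
  if (srclen > size)
    srclen = size;
  memcpy(dst, src, srclen);
  dst[srclen] = '\0';
  return srclen;
}

/* Hardened: write nothing when there is no room, always NUL-terminate
 * otherwise, and return strlen(src) so callers can detect truncation. */
size_t safe_strlcpy(char *dst, const char *src, size_t size)
{
  size_t srclen = strlen(src);
  if (size == 0)
    return srclen;
  size_t n = srclen < size - 1 ? srclen : size - 1;
  memcpy(dst, src, n);
  dst[n] = '\0';
  return srclen;
}

/* Append one field to a fixed-size buffer. 'used' counts bytes written so
 * far (excluding the terminator). Returns 1 if the field fit, 0 if it was
 * truncated; the buffer stays NUL-terminated either way. */
int append_field(char *buf, size_t bufsize, size_t *used, const char *field)
{
  if (*used >= bufsize)                     /* no room even for the terminator */
    return 0;
  size_t remaining = bufsize - *used;       /* may be exactly 1 */
  size_t want = safe_strlcpy(buf + *used, field, remaining);
  if (want >= remaining) {                  /* truncated: buffer is now full */
    *used = bufsize - 1;
    return 0;
  }
  *used += want;
  return 1;
}

/* Demo: assemble constructed log fields into a heap buffer of 'bufsize'
 * bytes, copy the result to 'out', and return how many fields fit. */
int demo_format(size_t bufsize, char *out, size_t outlen)
{
  const char *fields[] = { "[Job 7] ", "Printer=", "lab-printer-01", " state=processing" };
  char *buf = malloc(bufsize);
  size_t used = 0;
  int fit = 0;
  if (!buf)
    return -1;
  buf[0] = '\0';
  for (size_t i = 0; i < sizeof(fields) / sizeof(fields[0]); i++)
    fit += append_field(buf, bufsize, &used, fields[i]);
  safe_strlcpy(out, buf, outlen);
  free(buf);
  return fit;
}

int demo_fit_count(size_t bufsize)
{
  char line[128];
  return demo_format(bufsize, line, sizeof(line));
}

int demo_line_matches(size_t bufsize, const char *expected)
{
  char line[128];
  demo_format(bufsize, line, sizeof(line));
  return strcmp(line, expected) == 0;
}

/* Returns 1 when a zero-size copy leaves the destination untouched and
 * still reports the source length. */
int demo_zero_size_is_noop(void)
{
  char sentinel[4] = "xyz";
  size_t r = safe_strlcpy(sentinel, "abc", 0);
  return r == 3 && strcmp(sentinel, "xyz") == 0;
}

int main(void)
{
  char line[128];
  int fit = demo_format(16, line, sizeof(line));
  printf("%d field(s) fit: \"%s\"\n", fit, line);
  return 0;
}
```

With a 16-byte buffer only the first field fits and the line is truncated to "[Job 7] Printer"; with 64 bytes all four fit. The point is that the remaining-space value handed to the copy helper legitimately reaches small values, so the helper itself must cope with size 0 and 1 rather than relying on every caller to check.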
Patchnames
SUSE-SLE-Micro-6.0-122
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for cups", "title": "Title of the patch" }, { "category": "description", "text": "This update for cups fixes the following issues:\n\n- Version upgrade to 2.4.11:\n See https://github.com/openprinting/cups/releases\n CUPS 2.4.11 brings several bug fixes regarding IPP response\n validation, processing PPD values, Web UI support\n (checkbox support, modifying printers) and others fixes.\n Detailed list (from CHANGES.md):\n * Updated the maximum file descriptor limit\n for `cupsd` to 64k-1 (Issue #989)\n * Fixed `lpoptions -d` with a discovered\n but not added printer (Issue #833)\n * Fixed incorrect error message for HTTP/IPP errors (Issue #893)\n * Fixed JobPrivateAccess and SubscriptionPrivateAccess support\n for \"all\" (Issue #990)\n * Fixed issues with cupsGetDestMediaByXxx (Issue #993)\n * Fixed adding and modifying of printers\n via the web interface (Issue #998)\n * Fixed HTTP PeerCred authentication\n for domain users (Issue #1001)\n * Fixed checkbox support (Issue #1008)\n * Fixed printer state notifications (Issue #1013)\n * Fixed IPP Everywhere printer setup (Issue #1033)\n Issues are those at https://github.com/OpenPrinting/cups/issues\n In particular CUPS 2.4.11 contains those commit regarding\n IPP response validation and processing PPD values:\n * \"Quote PPD localized strings\"\n https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd\n plus a cleanup to \"Fix warnings for unused vars\"\n https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b\n\n- Version upgrade to 2.4.10:\n See 
https://github.com/openprinting/cups/releases\n CUPS 2.4.10 brings two fixes:\n * Fixed error handling when reading a mixed 1setOf attribute.\n * Fixed scheduler start if there is only domain socket\n to listen on (Issue #985) which is fix for regression\n after fix for CVE-2024-35235 in scenarios where is\n no other listeners in cupsd.conf than domain socket\n created on demand by systemd, launchd or upstart.\n Issues are those at https://github.com/OpenPrinting/cups/issues\n- Version upgrade to 2.4.9:\n See https://github.com/openprinting/cups/releases\n CUPS 2.4.9 brings security fix for CVE-2024-35235 and\n several bug fixes regarding CUPS Web User Interface,\n PPD generation and HTTP protocol implementation.\n Detailed list (from CHANGES.md):\n * Fixed domain socket handling (CVE-2024-35235)\n * Fixed creating of `cupsUrfSupported` PPD keyword\n (Issue #952)\n * Fixed searching for destinations in web ui (Issue #954)\n * Fixed TLS negotiation using OpenSSL with servers\n that require the TLS SNI extension.\n * Really raised `cups_enum_dests()` timeout for listing\n available IPP printers (Issue #751)...\n * Fixed `Host` header regression (Issue #967)\n * Fixed DNS-SD lookups of local services with Avahi\n (Issue #970)\n * Fixed listing jobs in destinations in web ui.\n (Apple issue #6204)\n * Fixed showing search query in web ui help page.\n (Issue #977)\n Issues are those at https://github.com/OpenPrinting/cups/issues\n Apple issues are those at https://github.com/apple/cups/issues\n\n- Update to version 2.4.8:\n See https://github.com/openprinting/cups/releases\n CUPS 2.4.8 brings many bug fixes which aggregated over the last\n half a year. 
It brings the important fix for race conditions\n and errors which can happen when installing permanent\n IPP Everywhere printer, support for PAM modules password-auth\n and system-auth and new option for lpstat which can show only\n the successful jobs.\n Detailed list (from CHANGES.md):\n * Added warning if the device has to be asked for\n \u0027all,media-col-database\u0027 separately (Issue #829)\n * Added new value for \u0027lpstat\u0027 option \u0027-W\u0027 - successfull - for\n getting successfully printed jobs (Issue #830)\n * Added support for PAM modules password-auth\n and system-auth (Issue #892)\n * Updated IPP Everywhere printer creation error\n reporting (Issue #347)\n * Updated and documented the MIME typing buffering\n limit (Issue #925)\n * Raised \u0027cups_enum_dests()\u0027 timeout for listing\n available IPP printers (Issue #751)\n * Now report an error for temporary printer defaults\n with lpadmin (Issue #237)\n * Fixed mapping of PPD InputSlot, MediaType,\n and OutputBin values (Issue #238)\n * Fixed \"document-unprintable-error\" handling (Issue #391)\n * Fixed the web interface not showing an error\n for a non-existent printer (Issue #423)\n * Fixed printing of jobs with job name longer than 255 chars\n on older printers (Issue #644)\n * Really backported fix for Issue #742\n * Fixed \u0027cupsCopyDestInfo\u0027 device connection\n detection (Issue #586)\n * Fixed \"Upgrade\" header handling when there is\n no TLS support (Issue #775)\n * Fixed memory leak when unloading a job (Issue #813)\n * Fixed memory leak when creating color profiles (Issue #815)\n * Fixed a punch finishing bug in the IPP Everywhere\n support (Issue #821)\n * Fixed crash in \u0027scan_ps()\u0027 if incoming argument\n is NULL (Issue #831)\n * Fixed setting job state reasons for successful\n jobs (Issue #832)\n * Fixed infinite loop in IPP backend if hostname\n is IP address with Kerberos (Issue #838)\n * Added additional check on socket if \u0027revents\u0027 from 
\u0027poll()\u0027\n returns POLLHUP together with POLLIN or POLLOUT\n in \u0027httpAddrConnect2()\u0027 (Issue #839)\n * Fixed crash in \u0027ppdEmitString()\u0027 if \u0027size\u0027 is NULL (Issue #850)\n * Fixed reporting \u0027media-source-supported\u0027 when\n sharing printer which has numbers as strings instead of\n keywords as \u0027InputSlot\u0027 values (Issue #859)\n * Fixed IPP backend to support the \"print-scaling\" option\n with IPP printers (Issue #862)\n * Fixed potential race condition for the creation\n of temporary queues (Issue #871)\n * Fixed \u0027httpGets\u0027 timeout handling (Issue #879)\n * Fixed checking for required attributes during\n PPD generation (Issue #890)\n * Fixed encoding of IPv6 addresses in HTTP requests (Issue #903)\n * Fixed sending response headers to client (Issue #927)\n * Fixed CGI program initialization and validation\n of form checkbox and text fields.\n Issues are those at https://github.com/OpenPrinting/cups/issues\n\n- Version upgrade to 2.4.7:\n See https://github.com/openprinting/cups/releases\n CUPS 2.4.7 is released to ship the fix for CVE-2023-4504\n and several other changes, among them it is\n adding OpenSSL support for cupsHashData function and bug fixes.\n Detailed list:\n * CVE-2023-4504 - Fixed Heap-based buffer overflow when\n reading Postscript in PPD files\n * Added OpenSSL support for cupsHashData (Issue #762)\n * Fixed delays in lpd backend (Issue #741)\n * Fixed extensive logging in scheduler (Issue #604)\n * Fixed hanging of lpstat on IBM AIX (Issue #773)\n * Fixed hanging of lpstat on Solaris (Issue #156)\n * Fixed printing to stderr if we can\u0027t open cups-files.conf\n (Issue #777)\n * Fixed purging job files via cancel -x (Issue #742)\n * Fixed RFC 1179 port reserving behavior in LPD backend\n (Issue #743)\n * Fixed a bug in the PPD command interpretation code\n (Issue #768)\n Issues are those at https://github.com/OpenPrinting/cups/issues\n- Version upgrade to 2.4.6:\n See 
https://github.com/openprinting/cups/releases\n CUPS 2.4.6 is released to ship the fix for CVE-2023-34241\n and two other bug fixes.\n Detailed list:\n * Fix linking error on old MacOS (Issue #715)\n * Fix printing multiple files on specific printers (Issue #643)\n * Fix use-after-free when logging warnings in case of failures\n in cupsdAcceptClient() (fixes CVE-2023-34241)\n Issues are those at https://github.com/OpenPrinting/cups/issues\n- Version upgrade to 2.4.5:\n See https://github.com/openprinting/cups/releases\n CUPS 2.4.5 is a hotfix release for a bug which corrupted\n locally saved certificates, which broke secured printing\n via TLS after the first print job.\n- Version upgrade to 2.4.4:\n See https://github.com/openprinting/cups/releases\n CUPS 2.4.4 release is created as a hotfix for segfault\n in cupsGetNamedDest(), when caller tries to find\n the default destination and the default destination\n is not set on the machine.\n- Version upgrade to 2.4.3:\n See https://github.com/openprinting/cups/releases\n CUPS 2.4.3 brings fix for CVE-2023-32324, several improvements\n and many bug fixes. 
CUPS now implements fallback for printers\n with broken firmware, which is not capable of answering\n to IPP request get-printer-attributes with all,\n media-col-database - this enables driverless support for\n bunch of printers which don\u0027t follow IPP Everywhere standard.\n Aside from the CVE fix the most important fixes are around color\n settings, printer application support fixes and OpenSSL support.\n Detailed list of changes:\n * Added a title with device uri for found network printers\n (Issues #402, #393)\n * Added new media sizes defined by IANA (Issues #501)\n * Added quirk for GoDEX label printers (Issue #440)\n * Fixed --enable-libtool-unsupported (Issue #394)\n * Fixed configuration on RISC-V machines (Issue #404)\n * Fixed the device_uri invalid pointer for driverless printers\n with .local hostname (Issue #419)\n * Fixed an OpenSSL crash bug (Issue #409)\n * Fixed a potential SNMP OID value overflow issue (Issue #431)\n * Fixed an OpenSSL certificate loading issue (Issue #465)\n * Fixed Brazilian Portuguese translations (Issue #288)\n * Fixed cupsd default keychain location when building\n with OpenSSL (Issue #529)\n * Fixed default color settings for CMYK printers as well\n (Issue #500)\n * Fixed duplicate PPD2IPP media-type names (Issue #688)\n * Fixed possible heap buffer overflow in _cups_strlcpy()\n (fixes CVE-2023-32324)\n * Fixed InputSlot heuristic for photo sizes smaller than 5x7\"\n if there is no media-source in the request (Issue #569)\n * Fixed invalid memory access during generating IPP Everywhere\n queue (Issue #466)\n * Fixed lprm if no destination is provided (Issue #457)\n * Fixed memory leaks in create_local_bg_thread() (Issue #466)\n * Fixed media size tolerance in ippeveprinter (Issue #487)\n * Fixed passing command name without path into ippeveprinter\n (Issue #629)\n * Fixed saving strings file path in printers.conf (Issue #710)\n * Fixed TLS certificate generation bugs (Issue #652)\n * ippDeleteValues would not delete the 
last value (Issue #556)\n * Ignore some of IPP defaults if the application sends\n its PPD alternative (Issue #484)\n * Make Letter the default size in ippevepcl (Issue #543)\n * Now accessing Admin page in Web UI requires authentication\n (Issue #518)\n * Now look for default printer on network if needed (Issue #452)\n * Now we poll media-col-database separately if we fail at first\n (Issue #599)\n * Now report fax attributes and values as needed (Issue #459)\n * Now localize HTTP responses using the Content-Language value\n (Issue #426)\n * Raised file size limit for importing PPD via Web UI\n (Issue #433)\n * Raised maximum listen backlog size to INT MAX (Issue #626)\n * Update print-color-mode if the printer is modified\n via ColorModel PPD option (Issue #451)\n * Use localhost when printing via printer application\n (Issue #353)\n * Write defaults into /etc/cups/lpoptions if we\u0027re root\n (Issue #456)\n Issues are those at https://github.com/OpenPrinting/cups/issues\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-Micro-6.0-122", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20090-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:20090-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520090-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:20090-1", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2025-June/021226.html" }, { "category": "self", "summary": "SUSE Bug 1219503", "url": "https://bugzilla.suse.com/1219503" }, { "category": "self", "summary": "SUSE Bug 1225365", "url": "https://bugzilla.suse.com/1225365" }, { "category": "self", "summary": "SUSE CVE CVE-2023-32324 page", "url": "https://www.suse.com/security/cve/CVE-2023-32324/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-32360 page", "url": "https://www.suse.com/security/cve/CVE-2023-32360/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-34241 page", "url": "https://www.suse.com/security/cve/CVE-2023-34241/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-4504 page", "url": "https://www.suse.com/security/cve/CVE-2023-4504/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-35235 page", "url": "https://www.suse.com/security/cve/CVE-2024-35235/" } ], "title": "Security update for cups", "tracking": { "current_release_date": "2025-02-03T09:10:07Z", "generator": { "date": "2025-02-03T09:10:07Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:20090-1", "initial_release_date": "2025-02-03T09:10:07Z", "revision_history": [ { "date": "2025-02-03T09:10:07Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "cups-config-2.4.11-1.1.aarch64", "product": { "name": "cups-config-2.4.11-1.1.aarch64", "product_id": "cups-config-2.4.11-1.1.aarch64" } }, { "category": "product_version", "name": "libcups2-2.4.11-1.1.aarch64", "product": { "name": "libcups2-2.4.11-1.1.aarch64", "product_id": "libcups2-2.4.11-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "cups-config-2.4.11-1.1.s390x", "product": { "name": "cups-config-2.4.11-1.1.s390x", "product_id": 
"cups-config-2.4.11-1.1.s390x" } }, { "category": "product_version", "name": "libcups2-2.4.11-1.1.s390x", "product": { "name": "libcups2-2.4.11-1.1.s390x", "product_id": "libcups2-2.4.11-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "cups-config-2.4.11-1.1.x86_64", "product": { "name": "cups-config-2.4.11-1.1.x86_64", "product_id": "cups-config-2.4.11-1.1.x86_64" } }, { "category": "product_version", "name": "libcups2-2.4.11-1.1.x86_64", "product": { "name": "libcups2-2.4.11-1.1.x86_64", "product_id": "libcups2-2.4.11-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Micro 6.0", "product": { "name": "SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0", "product_identification_helper": { "cpe": "cpe:/o:suse:sl-micro:6.0" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cups-config-2.4.11-1.1.aarch64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64" }, "product_reference": "cups-config-2.4.11-1.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "cups-config-2.4.11-1.1.s390x as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x" }, "product_reference": "cups-config-2.4.11-1.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "cups-config-2.4.11-1.1.x86_64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64" }, "product_reference": "cups-config-2.4.11-1.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { 
"category": "default_component_of", "full_product_name": { "name": "libcups2-2.4.11-1.1.aarch64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64" }, "product_reference": "libcups2-2.4.11-1.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libcups2-2.4.11-1.1.s390x as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x" }, "product_reference": "libcups2-2.4.11-1.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libcups2-2.4.11-1.1.x86_64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" }, "product_reference": "libcups2-2.4.11-1.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-32324", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-32324" } ], "notes": [ { "category": "general", "text": "OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. 
No known patches or workarounds exist at time of publication.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-32324", "url": "https://www.suse.com/security/cve/CVE-2023-32324" }, { "category": "external", "summary": "SUSE Bug 1211643 for CVE-2023-32324", "url": "https://bugzilla.suse.com/1211643" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-03T09:10:07Z", "details": "moderate" } ], "title": "CVE-2023-32324" }, { "cve": "CVE-2023-32360", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-32360" } ], "notes": [ { 
"category": "general", "text": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-32360", "url": "https://www.suse.com/security/cve/CVE-2023-32360" }, { "category": "external", "summary": "SUSE Bug 1214254 for CVE-2023-32360", "url": "https://bugzilla.suse.com/1214254" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-03T09:10:07Z", 
"details": "moderate" } ], "title": "CVE-2023-32360" }, { "cve": "CVE-2023-34241", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-34241" } ], "notes": [ { "category": "general", "text": "OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con-\u003ehttp)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-34241", "url": "https://www.suse.com/security/cve/CVE-2023-34241" }, { "category": "external", "summary": "SUSE Bug 1212230 for CVE-2023-34241", "url": "https://bugzilla.suse.com/1212230" }, { "category": "external", "summary": "SUSE Bug 1217457 
for CVE-2023-34241", "url": "https://bugzilla.suse.com/1217457" }, { "category": "external", "summary": "SUSE Bug 1218317 for CVE-2023-34241", "url": "https://bugzilla.suse.com/1218317" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-03T09:10:07Z", "details": "important" } ], "title": "CVE-2023-34241" }, { "cve": "CVE-2023-4504", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-4504" } ], "notes": [ { "category": "general", "text": "Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. 
This issue has been fixed in CUPS version 2.4.7, released in September of 2023.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-4504", "url": "https://www.suse.com/security/cve/CVE-2023-4504" }, { "category": "external", "summary": "SUSE Bug 1215204 for CVE-2023-4504", "url": "https://bugzilla.suse.com/1215204" }, { "category": "external", "summary": "SUSE Bug 1217457 for CVE-2023-4504", "url": "https://bugzilla.suse.com/1217457" }, { "category": "external", "summary": "SUSE Bug 1217553 for CVE-2023-4504", "url": "https://bugzilla.suse.com/1217553" }, { "category": "external", "summary": "SUSE Bug 1218317 for CVE-2023-4504", "url": "https://bugzilla.suse.com/1218317" }, { "category": "external", "summary": "SUSE Bug 1218347 for CVE-2023-4504", "url": "https://bugzilla.suse.com/1218347" }, { "category": "external", "summary": "SUSE Bug 1221585 for CVE-2023-4504", "url": "https://bugzilla.suse.com/1221585" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": 
"3.1" }, "products": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-03T09:10:07Z", "details": "important" } ], "title": "CVE-2023-4504" }, { "cve": "CVE-2024-35235", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-35235" } ], "notes": [ { "category": "general", "text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. 
Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-35235", "url": "https://www.suse.com/security/cve/CVE-2024-35235" }, { "category": "external", "summary": "SUSE Bug 1225365 for CVE-2024-35235", "url": "https://bugzilla.suse.com/1225365" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:cups-config-2.4.11-1.1.x86_64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.aarch64", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.s390x", "SUSE Linux Micro 6.0:libcups2-2.4.11-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-02-03T09:10:07Z", "details": "important" } ], "title": "CVE-2024-35235" } ] }