Serial number: AV24-551
Date: October 1, 2024
On September 26, 2024, OpenPrinting published security updates to address vulnerabilities in the following product:
- Common UNIX Printing Systems (CUPS) – version 2.1b1 and prior, version 2.0.1 and prior
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary update.
- Multiple bugs leading to info leak and remote code execution
- Command injection via FoomaticRIPCommandLine
- ppdCreatePPDFromIPP2 does not sanitize IPP attributes when creating the PPD buffer
- cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server
- RHSB-2024-002 - OpenPrinting cups-filters
- Red Hat’s response to OpenPrinting CUPS vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177
- CUPS Remote Code Execution Vulnerability Fix Available