An update for cups-filters is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2246 Final 1.0 1.0 2024-10-12 Initial 2024-10-12 2024-10-12 openEuler SA Tool V1.0 2024-10-12 cups-filters security update An update for cups-filters is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4 This project provides backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters and software developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting and a daemon to browse Bonjour broadcasts of remote CUPS printers to make these printers available locally and to provide backward compatibility to the old CUPS broadcasting and browsing of CUPS 1.5.x and older. Security Fix(es): CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.(CVE-2024-47076) CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.(CVE-2024-47175) CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.(CVE-2024-47176) CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)(CVE-2024-47850) An update for cups-filters is now available for openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High cups-filters https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2246 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47076 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47175 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47176 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-47850 https://nvd.nist.gov/vuln/detail/CVE-2024-47076 https://nvd.nist.gov/vuln/detail/CVE-2024-47175 https://nvd.nist.gov/vuln/detail/CVE-2024-47176 https://nvd.nist.gov/vuln/detail/CVE-2024-47850 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 cups-filters-1.28.9-5.oe2203sp1.src.rpm cups-filters-1.28.15-4.oe2403.src.rpm cups-filters-1.28.9-5.oe2203sp4.src.rpm cups-filters-1.28.9-5.oe2203sp3.src.rpm cups-filters-1.26.1-6.oe2003sp4.src.rpm cups-filters-1.28.9-5.oe2203sp1.x86_64.rpm cups-filters-debuginfo-1.28.9-5.oe2203sp1.x86_64.rpm cups-filters-debugsource-1.28.9-5.oe2203sp1.x86_64.rpm cups-filters-devel-1.28.9-5.oe2203sp1.x86_64.rpm cups-filters-1.28.15-4.oe2403.x86_64.rpm cups-filters-debuginfo-1.28.15-4.oe2403.x86_64.rpm cups-filters-debugsource-1.28.15-4.oe2403.x86_64.rpm cups-filters-devel-1.28.15-4.oe2403.x86_64.rpm cups-filters-1.28.9-5.oe2203sp4.x86_64.rpm cups-filters-debuginfo-1.28.9-5.oe2203sp4.x86_64.rpm cups-filters-debugsource-1.28.9-5.oe2203sp4.x86_64.rpm cups-filters-devel-1.28.9-5.oe2203sp4.x86_64.rpm cups-filters-1.28.9-5.oe2203sp3.x86_64.rpm cups-filters-debuginfo-1.28.9-5.oe2203sp3.x86_64.rpm cups-filters-debugsource-1.28.9-5.oe2203sp3.x86_64.rpm cups-filters-devel-1.28.9-5.oe2203sp3.x86_64.rpm cups-filters-1.26.1-6.oe2003sp4.x86_64.rpm cups-filters-debuginfo-1.26.1-6.oe2003sp4.x86_64.rpm cups-filters-debugsource-1.26.1-6.oe2003sp4.x86_64.rpm cups-filters-devel-1.26.1-6.oe2003sp4.x86_64.rpm cups-filters-help-1.28.9-5.oe2203sp1.noarch.rpm cups-filters-help-1.28.15-4.oe2403.noarch.rpm cups-filters-help-1.28.9-5.oe2203sp4.noarch.rpm cups-filters-help-1.28.9-5.oe2203sp3.noarch.rpm cups-filters-help-1.26.1-6.oe2003sp4.noarch.rpm cups-filters-1.28.9-5.oe2203sp1.aarch64.rpm cups-filters-debuginfo-1.28.9-5.oe2203sp1.aarch64.rpm cups-filters-debugsource-1.28.9-5.oe2203sp1.aarch64.rpm cups-filters-devel-1.28.9-5.oe2203sp1.aarch64.rpm cups-filters-1.28.15-4.oe2403.aarch64.rpm cups-filters-debuginfo-1.28.15-4.oe2403.aarch64.rpm cups-filters-debugsource-1.28.15-4.oe2403.aarch64.rpm cups-filters-devel-1.28.15-4.oe2403.aarch64.rpm cups-filters-1.28.9-5.oe2203sp4.aarch64.rpm cups-filters-debuginfo-1.28.9-5.oe2203sp4.aarch64.rpm cups-filters-debugsource-1.28.9-5.oe2203sp4.aarch64.rpm cups-filters-devel-1.28.9-5.oe2203sp4.aarch64.rpm cups-filters-1.28.9-5.oe2203sp3.aarch64.rpm cups-filters-debuginfo-1.28.9-5.oe2203sp3.aarch64.rpm cups-filters-debugsource-1.28.9-5.oe2203sp3.aarch64.rpm cups-filters-devel-1.28.9-5.oe2203sp3.aarch64.rpm cups-filters-1.26.1-6.oe2003sp4.aarch64.rpm cups-filters-debuginfo-1.26.1-6.oe2003sp4.aarch64.rpm cups-filters-debugsource-1.26.1-6.oe2003sp4.aarch64.rpm cups-filters-devel-1.26.1-6.oe2003sp4.aarch64.rpm CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system. 2024-10-12 CVE-2024-47076 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 High 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N cups-filters security update 2024-10-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2246 CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176. 2024-10-12 CVE-2024-47175 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 High 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N cups-filters security update 2024-10-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2246 CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL.Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicious printer to the system. This chain of exploits ultimately enables an attacker to execute arbitrary commands remotely on the target machine without authentication when a print job is started. This poses a significant security risk over the network. Notably, this vulnerability is particularly concerning as it can be exploited from the public internet, potentially exposing a vast number of systems to remote attacks if their CUPS services are enabled. 2024-10-12 CVE-2024-47176 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 High 8.3 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H cups-filters security update 2024-10-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2246 CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) 2024-10-12 CVE-2024-47850 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-20.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cups-filters security update 2024-10-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2246