Fedora 39: libcupsfilters 2024-cf6ab63871 Security Advisory Updates
Summary
Libcupsfilters provides a library, which implements common functions used
in cups-browsed daemon and printing filters, and additional files
as banner templates and character sets. The filters are used in CUPS daemon
and in printer applications.
Update Information:
Fix for remote vulnerabilities against OpenPrinting cups-filters
Change Log
* Thu Sep 26 2024 Justin M. Forbes
References
[ 1 ] Bug #2314996 - [Major Incident] CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2314996
[ 2 ] Bug #2314999 - [Major Incident] CVE-2024-47076 libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2314999
[ 3 ] Bug #2315002 - [Major Incident] CVE-2024-47175 libppd: remote command injection via attacker controlled data in PPD file [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2315002
[ 4 ] Bug #2315003 - [Major Incident] CVE-2024-47177 cups-filters: foomatic-rip in cups-filters allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter [fedora-39]
https://bugzilla.redhat.com/show_bug.cgi?id=2315003
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-cf6ab63871' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label