{"schema_version":"1.7.2","id":"OESA-2024-2246","modified":"2024-10-12T11:09:21Z","published":"2024-10-12T11:09:21Z","upstream":["CVE-2024-47076","CVE-2024-47175","CVE-2024-47176","CVE-2024-47850"],"summary":"cups-filters security update","details":"This project provides backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters and software developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrinting and a daemon to browse Bonjour broadcasts of remote CUPS printers to make these printers available locally and to provide backward compatibility to the old CUPS broadcasting and browsing of CUPS 1.5.x and older.\r\n\r\nSecurity Fix(es):\r\n\r\nCUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.(CVE-2024-47076)\r\n\r\nCUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.(CVE-2024-47175)\r\n\r\nCUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.(CVE-2024-47176)\r\n\r\nCUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)(CVE-2024-47850)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"cups-filters","purl":"pkg:rpm/openEuler/cups-filters\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.28.9-5.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["cups-filters-1.28.9-5.oe2203sp1.aarch64.rpm","cups-filters-debuginfo-1.28.9-5.oe2203sp1.aarch64.rpm","cups-filters-debugsource-1.28.9-5.oe2203sp1.aarch64.rpm","cups-filters-devel-1.28.9-5.oe2203sp1.aarch64.rpm"],"noarch":["cups-filters-help-1.28.9-5.oe2203sp1.noarch.rpm"],"src":["cups-filters-1.28.9-5.oe2203sp1.src.rpm"],"x86_64":["cups-filters-1.28.9-5.oe2203sp1.x86_64.rpm","cups-filters-debuginfo-1.28.9-5.oe2203sp1.x86_64.rpm","cups-filters-debugsource-1.28.9-5.oe2203sp1.x86_64.rpm","cups-filters-devel-1.28.9-5.oe2203sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"cups-filters","purl":"pkg:rpm/openEuler/cups-filters\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.28.15-4.oe2403"}]}],"ecosystem_specific":{"aarch64":["cups-filters-1.28.15-4.oe2403.aarch64.rpm","cups-filters-debuginfo-1.28.15-4.oe2403.aarch64.rpm","cups-filters-debugsource-1.28.15-4.oe2403.aarch64.rpm","cups-filters-devel-1.28.15-4.oe2403.aarch64.rpm"],"noarch":["cups-filters-help-1.28.15-4.oe2403.noarch.rpm"],"src":["cups-filters-1.28.15-4.oe2403.src.rpm"],"x86_64":["cups-filters-1.28.15-4.oe2403.x86_64.rpm","cups-filters-debuginfo-1.28.15-4.oe2403.x86_64.rpm","cups-filters-debugsource-1.28.15-4.oe2403.x86_64.rpm","cups-filters-devel-1.28.15-4.oe2403.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"cups-filters","purl":"pkg:rpm/openEuler/cups-filters\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.28.9-5.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["cups-filters-1.28.9-5.oe2203sp4.aarch64.rpm","cups-filters-debuginfo-1.28.9-5.oe2203sp4.aarch64.rpm","cups-filters-debugsource-1.28.9-5.oe2203sp4.aarch64.rpm","cups-filters-devel-1.28.9-5.oe2203sp4.aarch64.rpm"],"noarch":["cups-filters-help-1.28.9-5.oe2203sp4.noarch.rpm"],"src":["cups-filters-1.28.9-5.oe2203sp4.src.rpm"],"x86_64":["cups-filters-1.28.9-5.oe2203sp4.x86_64.rpm","cups-filters-debuginfo-1.28.9-5.oe2203sp4.x86_64.rpm","cups-filters-debugsource-1.28.9-5.oe2203sp4.x86_64.rpm","cups-filters-devel-1.28.9-5.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"cups-filters","purl":"pkg:rpm/openEuler/cups-filters\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.28.9-5.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["cups-filters-1.28.9-5.oe2203sp3.aarch64.rpm","cups-filters-debuginfo-1.28.9-5.oe2203sp3.aarch64.rpm","cups-filters-debugsource-1.28.9-5.oe2203sp3.aarch64.rpm","cups-filters-devel-1.28.9-5.oe2203sp3.aarch64.rpm"],"noarch":["cups-filters-help-1.28.9-5.oe2203sp3.noarch.rpm"],"src":["cups-filters-1.28.9-5.oe2203sp3.src.rpm"],"x86_64":["cups-filters-1.28.9-5.oe2203sp3.x86_64.rpm","cups-filters-debuginfo-1.28.9-5.oe2203sp3.x86_64.rpm","cups-filters-debugsource-1.28.9-5.oe2203sp3.x86_64.rpm","cups-filters-devel-1.28.9-5.oe2203sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"cups-filters","purl":"pkg:rpm/openEuler/cups-filters\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.26.1-6.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["cups-filters-1.26.1-6.oe2003sp4.aarch64.rpm","cups-filters-debuginfo-1.26.1-6.oe2003sp4.aarch64.rpm","cups-filters-debugsource-1.26.1-6.oe2003sp4.aarch64.rpm","cups-filters-devel-1.26.1-6.oe2003sp4.aarch64.rpm"],"noarch":["cups-filters-help-1.26.1-6.oe2003sp4.noarch.rpm"],"src":["cups-filters-1.26.1-6.oe2003sp4.src.rpm"],"x86_64":["cups-filters-1.26.1-6.oe2003sp4.x86_64.rpm","cups-filters-debuginfo-1.26.1-6.oe2003sp4.x86_64.rpm","cups-filters-debugsource-1.26.1-6.oe2003sp4.x86_64.rpm","cups-filters-devel-1.26.1-6.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2246"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47076"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47175"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47176"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-47850"}],"database_specific":{"severity":"High"}}