[SECURITY] [DLA 3904-1] cups security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3904-1] cups security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 29 Sep 2024 21:24:43 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2409292121440.4753@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3904-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 29, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cups
Version        : 2.3.3op2-3+deb11u9
CVE ID         : CVE-2024-47175


Simone Margaritelli reported that cups, the Common UNIX Printing System,
does not properly sanitize IPP attributes when creating PPD files, which
may result in the execution of arbitrary code.


For Debian 11 bullseye, this problem has been fixed in version
2.3.3op2-3+deb11u9.

We recommend that you upgrade your cups packages.

For the detailed security status of cups please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cups

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmb5xZtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeAmBAAhFDkyIEIjlp2BUKz/fUftK9H11mbdfy0N5l34qBt3yp9VZUAWXeNQoPR
MHLZtk8H3YY+SZGMS8KviBjksWSs6OFwgHGOyoc9W0L7GQkCVNF4yPOOtSUYmMiq
hAqeriZxBhLqt5i1ohMouGtHvklfGydlA0afuiWLBRGAqGBuciCziBNaIkOvinlD
WdKO2+rYGwWaY7DYzrImSbbsDjyyFur8L3JpaQ3l99ddvpROYNQ1JlvmD0iaio20
mDf/yJBAPmoFfiqYGqGLK9M+PI8cq3cZfw2Vbrc2euSmQismjMO59so4AvZyVfqv
tJ9E20usoFFnrTSZrSIiakJAT2ABcMsmiFEpo2jpPUkCmP9+V5y5x3RrlpO94/eI
esVQa6StxBj13v/RzJFMzNIvtGIawGbz2aFLHMqqQCa7DHfCdv87DibXERs2O25R
dwreLjuqmkbGmcrvdrSnN123NvSGF1syJA7mwhsGZ2h1/34f/OxAfNH1slFt+7Fw
nKjgkvpj5PHjd3YgoMIu5/XgJQiRvlkoLI6/nX/6l3vhn3m7Ly4PYd2xNdR2sVKx
TvqjxM7yktwqVWN/JTeCpV+6hTsstPN6nAZ8MmlgJ/TK1trMcv0f0X6DqDsi6+Sf
ONACISP56P5S1WEG7RL8y831rDg0REUUnD8KTmIXBGAO3lYNPUA=
=jOci
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3903-1] unbound security update
Next by Date: [SECURITY] [DLA 3905-1] cups-filters security update
Previous by thread: [SECURITY] [DLA 3903-1] unbound security update
Next by thread: [SECURITY] [DLA 3905-1] cups-filters security update
Index(es):
- Date
- Thread