[SECURITY] [DLA 3905-1] cups-filters security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3905-1] cups-filters security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 29 Sep 2024 21:28:32 +0000 (UTC)
Message-id: <[🔎] alpine.DEB.2.21.2409292126560.6042@postfach.intern.alteholz.me>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3905-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 29, 2024                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cups-filters
Version        : 1.28.7-1+deb11u3
CVE ID         : CVE-2024-47076 CVE-2024-47176
Debian Bug     : 1082820 1082827


Simone Margaritelli reported several vulnerabilities in cups-filters.
Missing validation of IPP attributes returned from an IPP server and
multiple bugs in the cups-browsed component can result in the execution
of arbitrary commands without authentication when a print job is
started.


For Debian 11 bullseye, these problems have been fixed in version
1.28.7-1+deb11u3.

We recommend that you upgrade your cups-filters packages.

For the detailed security status of cups-filters please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cups-filters

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmb5xoBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeo6w//ZyDnl6WD/BcCRJK+5jeP+ikPCyEb5w/zJyiQfoIgMchCBSkd/UwQXEmW
eCLOT6xOB3oY25qYsVT4a5nOS3MYNaShP1SUDOVPqdkduKcRr3lfBLGC6l6Gu40l
dZpfayw2hKWzDgUlL//QhsKEuwIHZ2ubA2BIg+Cd1YvsPL2jAljPjBHgFXUU8B1g
vFsvCErdzhcCcuXIZ+qfDvuP3TZcop+Z+5oc9Ila4YEYko0yTv1SznwxydfPtnwo
H9uLnnLOhUs24Ve9cbuLndZReZ1wGutsTEn8TuDVcg+SisL9VN50zkUF12yYsok3
Pf/NwhjyMAD2XI0hz4Dg98rSEINtH2g60JhM+T5OpCkXTD7hvq+/3jUEuwWW7SWf
m1JMQ+TPIwkL8haYy2uiUll0ZLrB4hcTH3/zsuIiZDyUYUAIAX5Y27K+4JYHS16D
Xbn3ORLeTUruAK/Aq9WyWBKpSJ/ySjxpw6CCek6uDQOX215blSyPtT4xblpnz0tG
oCpNamoCicdsBZwdfhH7mt5Qu/JBEf68eHCkQ6aCDHgeHMayoUrbJdl6vNLPSedl
fyKwUm6dKUxqzQJEzkD4E2hQraWEBXRhQinotLw0KdCfBus+k6ZCRUmwZkOnNMjc
5G/wLCSeTliO/hslXpOYN29mWb5ouGITMxy0mRUr2s+4bMWzYYk=
=E+Kk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3904-1] cups security update
Next by Date: [SECURITY] [DLA 3906-1] wireshark security update
Previous by thread: [SECURITY] [DLA 3904-1] cups security update
Next by thread: [SECURITY] [DLA 3906-1] wireshark security update
Index(es):
- Date
- Thread