[SECURITY] [DLA 4298-1] cups security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4298-1] cups security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 11 Sep 2025 21:46:41 +0000 (UTC)
Message-id: <[🔎] d9b25a2-2f45-6a51-3f6f-a982bddfdb@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4298-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 11, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cups
Version        : 2.3.3op2-3+deb11u10
CVE ID         : CVE-2025-58060 CVE-2025-58364


Two vulnerabilities were discovered in cups, the Common UNIX Printing
System, which may result in authentication bypass with AuthType
Negotiate or in denial of service (daemon crash).


For Debian 11 bullseye, these problems have been fixed in version
2.3.3op2-3+deb11u10.

We recommend that you upgrade your cups packages.

For the detailed security status of cups please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cups

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmjDQ0FfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEc66Q//bjJNF+XRvYJC07Zk6f0F4KT4Ym9jSF7h7K1ccZT3RxwX+oEwqj3AgOyp
Dc2jYIAidk6W9H4WhTr/lh/S8AiWETa9tjfL39lWrpuqKDSfstf0V+XQ7F6dxclw
pNnKtlXYIYbeVW1Ywb5flks2vcI/wRPyqp+v3vXXQM7dQ9cOWbT8XO4VySQnLFGQ
H692/WVE3COGz4xAyr+hJWXoWXZXvgIsYyPsqig4rP/NqVnSue2A7QAnZpJJfznx
NnEzpvll4UpJ7cBmgSWaWSyhqktIUEPHQXSEPXtt/zrbvMCaFBOpryCJNdPq79wu
wNmmkeGLNObUk/QaXMuNZBq1yWOyh0Meg4Ndnypk8KjAu/jrB9nVs3xe5eD7ox38
gVQX10V6Um6P7e15mmA9Vt0B17efhVZSER9cxe/Oi6eK/Tnt/Ou2Tr40eL/GuGiu
SjsUleDRP3qQSgCneA+DiNM8efjazPeemhbEZCfaTZ2++NdQJ1LoYj3hTsAmqv0q
o7dAXcIoDZ4qecjEg0NUhY2eAtdvfI7XxP3UizAeRXpJgN9a8NoF/IjgC8jdanbT
L0kobA6MtNki47ykZgWY6z7a0GOCYgoCcehXA0+6skBShqUN/VVCXPFWDT61S9MN
xa2/peCKS+rU3T6xHbYavZonRNSA5t7Y2qfDcIYo0hgPWskKiG0=
=xpH0
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4297-1] imagemagick security update
Next by Date: [SECURITY] [DLA 4299-1] jetty9 security update
Previous by thread: [SECURITY] [DLA 4297-1] imagemagick security update
Next by thread: [SECURITY] [DLA 4299-1] jetty9 security update
Index(es):
- Date
- Thread