
Bug#1088992: cups-filters: CVE-2024-47850



Source: cups-filters
Version: 1.28.17-5
Severity: normal
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>


Hi Thorsten,

The following vulnerability was published for cups-filters.

No direct action needed, it's more to get a cross reference in BTS
about the issue, it can be closed once the problematic code is going
to be removed (AFAIU). The mitigations as already handled should be
enough so far.

CVE-2024-47850[0]:
| CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an
| arbitrary destination and port in response to a single IPP UDP
| packet requesting a printer to be added, a different vulnerability
| than CVE-2024-47176. (The request is meant to probe the new printer
| but can be used to create DDoS amplification attacks.)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-47850
    https://www.cve.org/CVERecord?id=CVE-2024-47850
[1] https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8

Regards,
Salvatore

