Bug#1088992: cups-filters: CVE-2024-47850

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1088992: cups-filters: CVE-2024-47850
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 03 Dec 2024 22:04:07 +0100
Message-id: <[🔎] 173325984753.4178767.14198476023139608751.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1088992@bugs.debian.org

Source: cups-filters
Version: 1.28.17-5
Severity: normal
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>


Hi Thorsten,

The following vulnerability was published for cups-filters.

No direct action needed, it's more to get a cross reference in BTS
about the issue, it can be closed once the problematic code is going
to be removed (AFAIU). The mitigations as already handled should be
enought so far.

CVE-2024-47850[0]:
| CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an
| arbitrary destination and port in response to a single IPP UDP
| packet requesting a printer to be added, a different vulnerability
| than CVE-2024-47176. (The request is meant to probe the new printer
| but can be used to create DDoS amplification attacks.)


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-47850
    https://www.cve.org/CVERecord?id=CVE-2024-47850
[1] https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8

Regards,
Salvatore

Reply to:

Prev by Date: [bts-link] source package ghostscript
Next by Date: Processing of gutenprint_5.3.4.20220624T01008808d602-4_source.changes
Previous by thread: [bts-link] source package ghostscript
Next by thread: Processing of gutenprint_5.3.4.20220624T01008808d602-4_source.changes
Index(es):
- Date
- Thread