Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6844-1

Ubuntu Security Notice 6844-1 - Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the target.

Packet Storm
#vulnerability#ubuntu

==========================================================================
Ubuntu Security Notice USN-6844-1
June 24, 2024

cups vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 23.10
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS

Summary:

CUPS could be made to arbitrary chmod paths with specially
crafted configuration file.

Software Description:

  • cups: Common UNIX Printing System™

Details:

Rory McNamara discovered that when starting the cupsd server with a
Listen configuration item, the cupsd process fails to validate if
bind call passed. An attacker could possibly trick cupsd to perform
an arbitrary chmod of the provided argument, providing world-writable
access to the target.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
cups 2.4.7-1.2ubuntu7.1

Ubuntu 23.10
cups 2.4.6-0ubuntu3.1

Ubuntu 22.04 LTS
cups 2.4.1op1-1ubuntu4.9

Ubuntu 20.04 LTS
cups 2.3.1-9ubuntu1.7

Ubuntu 18.04 LTS
cups 2.2.7-1ubuntu2.10+esm4
Available with Ubuntu Pro

Ubuntu 16.04 LTS
cups 2.1.3-4ubuntu0.11+esm6
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6844-1
CVE-2024-35235

Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.1
https://launchpad.net/ubuntu/+source/cups/2.4.6-0ubuntu3.1
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.9
https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.7

Related news

Red Hat Security Advisory 2024-4715-03

Red Hat Security Advisory 2024-4715-03 - An update for cups is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Security Advisory 2024-4776-03

Red Hat Security Advisory 2024-4776-03 - An update for cups is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-4580-03

Red Hat Security Advisory 2024-4580-03 - An update for cups is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-4265-03

Red Hat Security Advisory 2024-4265-03 - An update for cups is now available for Red Hat Enterprise Linux 8.

Packet Storm: Latest News

Ubuntu Security Notice USN-7089-6