Headline
Ubuntu Security Notice USN-7044-1
Ubuntu Security Notice 7044-1 - Simone Margaritelli discovered that libcupsfilters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
==========================================================================Ubuntu Security Notice USN-7044-1September 26, 2024libcupsfilters vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:libcupsfilters could be made to run programs if it received speciallycrafted network traffic.Software Description:- libcupsfilters: OpenPrinting libcupsfiltersDetails:Simone Margaritelli discovered that libcupsfilters incorrectly sanitizedIPP data when creating PPD files. A remote attacker could possibly use thisissue to manipulate PPD files and execute arbitrary code when a printer isused.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS libcupsfilters2-common 2.0.0-0ubuntu7.1 libcupsfilters2t64 2.0.0-0ubuntu7.1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-7044-1 CVE-2024-47076Package Information: https://launchpad.net/ubuntu/+source/libcupsfilters/2.0.0-0ubuntu7.1Related news
Ubuntu Security Notice 7043-1 - Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.
A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. "A remote unauthenticated attacker can silently replace existing printers' (or install new ones) IPP urls with a malicious one, resulting in arbitrary command execution (on the computer) when a print