Headline
Ubuntu Security Notice USN-6128-1
Ubuntu Security Notice 6128-1 - It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-6128-1
June 01, 2023
cups vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.04
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
CUPS could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- cups: Common UNIX Printing System™
Details:
It was discovered that CUPS incorrectly handled logging. A remote attacker
could use this issue to cause CUPS to crash, resulting in a denial of
service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.04:
cups 2.4.2-3ubuntu2.1
Ubuntu 22.10:
cups 2.4.2-1ubuntu2.1
Ubuntu 22.04 LTS:
cups 2.4.1op1-1ubuntu4.2
Ubuntu 20.04 LTS:
cups 2.3.1-9ubuntu1.3
Ubuntu 18.04 LTS:
cups 2.2.7-1ubuntu2.10
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6128-1
CVE-2023-32324
Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.2-3ubuntu2.1
https://launchpad.net/ubuntu/+source/cups/2.4.2-1ubuntu2.1
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.2
https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.3
https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.10
Related news
Red Hat Security Advisory 2024-1409-03 - An update for cups is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow, denial of service, and use-after-free vulnerabilities.
Gentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.
Red Hat Security Advisory 2023-7165-01 - An update for cups is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow, denial of service, and use-after-free vulnerabilities.
Ubuntu Security Notice 6128-2 - USN-6128-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel` to `DEBUG`. No known patches or workarounds exist at time of publication.
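A host check for the fixed versions listed in USN-6128-1 and for the `loglevel` condition named in the CVE description, as an added example that is not part of the notice or of the CUPS project. The function names are hypothetical, `/etc/cups/cupsd.conf` is assumed as the configuration path, and matching `debug2` alongside `debug` is an assumption.

```shell
#!/bin/sh
# Added example (not from the notice). Function names are hypothetical.

# Fixed cups version per Ubuntu release, copied from the USN-6128-1 table.
fixed_version_for() {            # $1 = VERSION_ID from /etc/os-release
    case "$1" in
        23.04) echo "2.4.2-3ubuntu2.1" ;;
        22.10) echo "2.4.2-1ubuntu2.1" ;;
        22.04) echo "2.4.1op1-1ubuntu4.2" ;;
        20.04) echo "2.3.1-9ubuntu1.3" ;;
        18.04) echo "2.2.7-1ubuntu2.10" ;;
        *) return 1 ;;           # release not covered by this notice
    esac
}

# True if installed version $1 >= fixed version $2 in Debian version ordering.
is_patched() {
    dpkg --compare-versions "$1" ge "$2"
}

# True if an uncommented LogLevel directive in file $1 is set to debug.
# Matching debug2 as well is an assumption; the page names only DEBUG.
loglevel_is_debug() {
    grep -Eiq '^[[:space:]]*LogLevel[[:space:]]+debug2?([[:space:]]|$)' "$1" 2>/dev/null
}

check_host() {
    release=$(. /etc/os-release && echo "$VERSION_ID")
    fixed=$(fixed_version_for "$release") || {
        echo "Ubuntu $release is not listed in USN-6128-1"; return 2; }
    installed=$(dpkg-query -W -f='${Version}' cups 2>/dev/null)
    [ -n "$installed" ] || { echo "cups is not installed"; return 0; }
    if is_patched "$installed" "$fixed"; then
        echo "cups $installed is at or above fixed version $fixed"
        return 0
    fi
    echo "cups $installed is below fixed version $fixed: update required"
    if loglevel_is_debug /etc/cups/cupsd.conf; then
        echo "cupsd.conf sets LogLevel debug, the trigger condition in the CVE text"
    fi
    return 1
}

# Run the host check only when asked, so the functions can be sourced safely.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it as `sh script.sh --check` on the host; exit status 1 means the installed package is older than the fixed version for that release.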