Headline
RHSA-2023:3424: Red Hat Security Advisory: cups-filters security update
An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-24805: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution.
Synopsis
Important: cups-filters security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
- cups-filters: remote code execution in cups-filters, beh CUPS backend (CVE-2023-24805)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2203051 - CVE-2023-24805 cups-filters: remote code execution in cups-filters, beh CUPS backend
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
cups-filters-1.28.7-10.el9_0.1.src.rpm
SHA-256: 46153572ab81ba5540ff9ffbe09103a2d5f51b3b7dd180af98b810df6dccaa6f
x86_64
cups-filters-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 3de538faf561b585609ee901ad560ffd1e38402ef89cf9812ecd48d4c238b6e0
cups-filters-debuginfo-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 0bfa8ce0a0f1d4d08cd8f9ffc78473de3723b16b28bff73ec48f389b1df80db8
cups-filters-debuginfo-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 8a168a975817041c9554f0fa78afcf75cf87791645b9ec3d82fbdde2ab04c993
cups-filters-debugsource-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 935317ffd111e97c987ede299b24616fa7e67439cb2e2db1af32af95f39b5fcb
cups-filters-debugsource-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 5d769847880e07b3a45672092959b938e18c41774b0704264ef80066815a49ad
cups-filters-libs-1.28.7-10.el9_0.1.i686.rpm
SHA-256: e3b7e8fab0378b45290c31aa0f4ff6d2bbe9d6cc7709f72fd7f59265c6e42008
cups-filters-libs-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: e9f6593118366d7ff5b071edf18bb91cc461987e30a99bd070b39aa638dc0d03
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 617fc8afe9a3154e7d470fac306d1a9a4b7903cd940032e045ccc9f2097ce3be
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: c05b49a1ce41509dd8d1023a68b76370fc85c54b77c9856c3e3591c2b9d807ac
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
cups-filters-1.28.7-10.el9_0.1.src.rpm
SHA-256: 46153572ab81ba5540ff9ffbe09103a2d5f51b3b7dd180af98b810df6dccaa6f
s390x
cups-filters-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: bcba89d95cca592ca5172fa1e17b5de864f49e27c3235aa7f218f44fff4bd430
cups-filters-debuginfo-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 32284845b00acb93954f753726a5b4dc7835b518df96c20a2a0c4e5d14fb5ad7
cups-filters-debugsource-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 35feb985ca936e529b0ac99bc5b81cc065383f3b739a7c3d41c5d84cd8f30d92
cups-filters-libs-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 1010fa37c090696a3f70ba8266b414393365f3535890828685ea0cca3e3ddb9e
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 173cb82214d7c860002546ad666c82ec04463995d831f697e419016244b72927
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
cups-filters-1.28.7-10.el9_0.1.src.rpm
SHA-256: 46153572ab81ba5540ff9ffbe09103a2d5f51b3b7dd180af98b810df6dccaa6f
ppc64le
cups-filters-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 9ad6d94a9f74ce6971b5c80895192d36e4eda6adb994335ca17117b8f1356428
cups-filters-debuginfo-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 41ed83078f1edfb5bd8e0f076edff3a69078646c5c6d6aeac4fd236cdf6a48ce
cups-filters-debugsource-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: a8f8119cd0cd658e71f24e4ca3d27db18ed22b68d11ff6409f3a5b1c53e52879
cups-filters-libs-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: ce7444db58e841868ce7dd8c747890889f4366f0d1c124ce11982d0f5b714ce7
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 9dfe9ebfabb3dfec8a38140385f89a092c978156c9fa667b2f922a697ad2da24
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
cups-filters-1.28.7-10.el9_0.1.src.rpm
SHA-256: 46153572ab81ba5540ff9ffbe09103a2d5f51b3b7dd180af98b810df6dccaa6f
aarch64
cups-filters-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 89121a93510e7a098d25ca87ebd43b19bcfcb2ff340bfa117462ff5f15702a65
cups-filters-debuginfo-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: e1397a3a9a698981b5382c30a5ff17c044cda0cb2f890cadeb8dfa9560dd7b08
cups-filters-debugsource-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 5eba2d43f9dbe2107289b3d067b0468c35a299e8c304a74aac18f50840fd224f
cups-filters-libs-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 72c5ad8b99a73530a2ebcb00f1e7e520a50e41379633c61aa2c3268c85039525
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 6bd4adfb9371c3a6f24024df0a6715a12a4b2fd2f5f11428a2a79ed0ef05cac6
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
cups-filters-1.28.7-10.el9_0.1.src.rpm
SHA-256: 46153572ab81ba5540ff9ffbe09103a2d5f51b3b7dd180af98b810df6dccaa6f
ppc64le
cups-filters-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 9ad6d94a9f74ce6971b5c80895192d36e4eda6adb994335ca17117b8f1356428
cups-filters-debuginfo-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 41ed83078f1edfb5bd8e0f076edff3a69078646c5c6d6aeac4fd236cdf6a48ce
cups-filters-debugsource-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: a8f8119cd0cd658e71f24e4ca3d27db18ed22b68d11ff6409f3a5b1c53e52879
cups-filters-libs-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: ce7444db58e841868ce7dd8c747890889f4366f0d1c124ce11982d0f5b714ce7
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 9dfe9ebfabb3dfec8a38140385f89a092c978156c9fa667b2f922a697ad2da24
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
cups-filters-1.28.7-10.el9_0.1.src.rpm
SHA-256: 46153572ab81ba5540ff9ffbe09103a2d5f51b3b7dd180af98b810df6dccaa6f
x86_64
cups-filters-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 3de538faf561b585609ee901ad560ffd1e38402ef89cf9812ecd48d4c238b6e0
cups-filters-debuginfo-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 0bfa8ce0a0f1d4d08cd8f9ffc78473de3723b16b28bff73ec48f389b1df80db8
cups-filters-debuginfo-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 8a168a975817041c9554f0fa78afcf75cf87791645b9ec3d82fbdde2ab04c993
cups-filters-debugsource-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 935317ffd111e97c987ede299b24616fa7e67439cb2e2db1af32af95f39b5fcb
cups-filters-debugsource-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 5d769847880e07b3a45672092959b938e18c41774b0704264ef80066815a49ad
cups-filters-libs-1.28.7-10.el9_0.1.i686.rpm
SHA-256: e3b7e8fab0378b45290c31aa0f4ff6d2bbe9d6cc7709f72fd7f59265c6e42008
cups-filters-libs-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: e9f6593118366d7ff5b071edf18bb91cc461987e30a99bd070b39aa638dc0d03
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 617fc8afe9a3154e7d470fac306d1a9a4b7903cd940032e045ccc9f2097ce3be
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: c05b49a1ce41509dd8d1023a68b76370fc85c54b77c9856c3e3591c2b9d807ac
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0
SRPM
x86_64
cups-filters-debuginfo-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 0bfa8ce0a0f1d4d08cd8f9ffc78473de3723b16b28bff73ec48f389b1df80db8
cups-filters-debuginfo-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 8a168a975817041c9554f0fa78afcf75cf87791645b9ec3d82fbdde2ab04c993
cups-filters-debugsource-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 935317ffd111e97c987ede299b24616fa7e67439cb2e2db1af32af95f39b5fcb
cups-filters-debugsource-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 5d769847880e07b3a45672092959b938e18c41774b0704264ef80066815a49ad
cups-filters-devel-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 0712cf35663249e6a7fe1b2f55ee7324c8c14e375ca574b14eabd439bd8ba5a0
cups-filters-devel-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: 99068dda78b81e6308a46b250b546999ca4834ce9b72a30e89437a7cd455bf8f
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.i686.rpm
SHA-256: 617fc8afe9a3154e7d470fac306d1a9a4b7903cd940032e045ccc9f2097ce3be
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.x86_64.rpm
SHA-256: c05b49a1ce41509dd8d1023a68b76370fc85c54b77c9856c3e3591c2b9d807ac
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0
SRPM
ppc64le
cups-filters-debuginfo-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 41ed83078f1edfb5bd8e0f076edff3a69078646c5c6d6aeac4fd236cdf6a48ce
cups-filters-debugsource-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: a8f8119cd0cd658e71f24e4ca3d27db18ed22b68d11ff6409f3a5b1c53e52879
cups-filters-devel-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 29559193b45c14d90e434437f6bfc8c14c7d7babaf885af383ad67581e0ecb15
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.ppc64le.rpm
SHA-256: 9dfe9ebfabb3dfec8a38140385f89a092c978156c9fa667b2f922a697ad2da24
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0
SRPM
s390x
cups-filters-debuginfo-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 32284845b00acb93954f753726a5b4dc7835b518df96c20a2a0c4e5d14fb5ad7
cups-filters-debugsource-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 35feb985ca936e529b0ac99bc5b81cc065383f3b739a7c3d41c5d84cd8f30d92
cups-filters-devel-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 97016de30f0c921d208131f8647d132502af379060b4b90aafe109e1f9e208bb
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 173cb82214d7c860002546ad666c82ec04463995d831f697e419016244b72927
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0
SRPM
aarch64
cups-filters-debuginfo-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: e1397a3a9a698981b5382c30a5ff17c044cda0cb2f890cadeb8dfa9560dd7b08
cups-filters-debugsource-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 5eba2d43f9dbe2107289b3d067b0468c35a299e8c304a74aac18f50840fd224f
cups-filters-devel-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: f3a24c3797a4b8bde0f642e45ba7b843c6fbdec8b5da4d0d457f711a1d1ad6cd
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 6bd4adfb9371c3a6f24024df0a6715a12a4b2fd2f5f11428a2a79ed0ef05cac6
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
cups-filters-1.28.7-10.el9_0.1.src.rpm
SHA-256: 46153572ab81ba5540ff9ffbe09103a2d5f51b3b7dd180af98b810df6dccaa6f
aarch64
cups-filters-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 89121a93510e7a098d25ca87ebd43b19bcfcb2ff340bfa117462ff5f15702a65
cups-filters-debuginfo-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: e1397a3a9a698981b5382c30a5ff17c044cda0cb2f890cadeb8dfa9560dd7b08
cups-filters-debugsource-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 5eba2d43f9dbe2107289b3d067b0468c35a299e8c304a74aac18f50840fd224f
cups-filters-libs-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 72c5ad8b99a73530a2ebcb00f1e7e520a50e41379633c61aa2c3268c85039525
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.aarch64.rpm
SHA-256: 6bd4adfb9371c3a6f24024df0a6715a12a4b2fd2f5f11428a2a79ed0ef05cac6
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
cups-filters-1.28.7-10.el9_0.1.src.rpm
SHA-256: 46153572ab81ba5540ff9ffbe09103a2d5f51b3b7dd180af98b810df6dccaa6f
s390x
cups-filters-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: bcba89d95cca592ca5172fa1e17b5de864f49e27c3235aa7f218f44fff4bd430
cups-filters-debuginfo-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 32284845b00acb93954f753726a5b4dc7835b518df96c20a2a0c4e5d14fb5ad7
cups-filters-debugsource-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 35feb985ca936e529b0ac99bc5b81cc065383f3b739a7c3d41c5d84cd8f30d92
cups-filters-libs-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 1010fa37c090696a3f70ba8266b414393365f3535890828685ea0cca3e3ddb9e
cups-filters-libs-debuginfo-1.28.7-10.el9_0.1.s390x.rpm
SHA-256: 173cb82214d7c860002546ad666c82ec04463995d831f697e419016244b72927
Related news
Gentoo Linux Security Advisory 202401-6 - A vulnerability has been found in CUPS filters where remote code execution is possible via the beh filter. Versions greater than or equal to 1.28.17-r2 are affected.
Ubuntu Security Notice 6083-2 - USN-6083-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that cups-filters incorrectly handled the beh CUPS backend. A remote attacker could possibly use this issue to cause the backend to stop responding or to execute arbitrary code.
Red Hat Security Advisory 2023-3428-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-3425-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-3429-02 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2023-3426-01 - The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System distribution but is now maintained independently. Issues addressed include a code execution vulnerability.
An update for cups-filters is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24805: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution.
An update for cups-filters is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24805: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution.
An update for cups-filters is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24805: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution.
An update for cups-filters is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24805: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution.
Debian Linux Security Advisory 5407-1 - It was discovered that missing input sanitising in cups-filters, when using the Backend Error Handler (beh) backend to create an accessible network printer, may result in the execution of arbitrary commands.
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.