- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3826-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
June 13, 2024                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : cups
Version        : 2.2.10-6+deb10u10
CVE ID         : CVE-2024-35235


An issue has been found in cups, the Common UNIX Printing System(tm).
When starting the cupsd server with a Listen configuration item pointing 
to a symbolic link, the cupsd process can be caused to perform an 
arbitrary chmod of the provided argument, providing world-writable access 
to the target.


For Debian 10 buster, this problem has been fixed in version
2.2.10-6+deb10u10.

We recommend that you upgrade your cups packages.

For the detailed security status of cups please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cups

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Debian LTS: DLA-3826-1: cups Security Advisory Updates

June 13, 2024
An issue has been found in cups, the Common UNIX Printing System(tm)

Summary

An issue has been found in cups, the Common UNIX Printing System(tm).
When starting the cupsd server with a Listen configuration item pointing
to a symbolic link, the cupsd process can be caused to perform an
arbitrary chmod of the provided argument, providing world-writable access
to the target.


For Debian 10 buster, this problem has been fixed in version
2.2.10-6+deb10u10.

We recommend that you upgrade your cups packages.

For the detailed security status of cups please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cups

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
Package : cups
Version : 2.2.10-6+deb10u10
CVE ID : CVE-2024-35235

Related News

1.Penguin Landscape Esm H170
2 - 4 min read
As digital privacy and security evolves, anonymity cannot be overemphasized. Tails is a live operating system designed to keep its focus on privacy
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server (apache2) impacting versions
24.Key Code Esm H170
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
A new backdoor, "Noodle RAT" has caused widespread alarm across the cybersecurity landscape. Research highlights this previously undisclosed malware
30.Lock Globe Motherboard Esm H170
3 - 5 min read
An update to OpenSSH , an open-source implementation of the Secure Shell (SSH) protocol, will introduce options to penalize unwanted behavior and

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved