Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 39: FEDORA-2024-cf6ab63871 critical: libppd remote command injection

fedora
Calendar Grey September 28, 2024
Dist Fedora Esm H88
The recent Fedora security advisory highlights severe libppd vulnerabilities linked to remote command execution, stressing the need for urgent patches in the OpenPrinting cups-filters package
Fix for remote vulnerabilities against OpenPrinting cups-filters

Summary

Libppd provides all PPD related function/API which is going

to be removed from CUPS 3.X, but are still required for retro-fitting

support of legacy printers. The library is meant only for retro-fitting

printer applications, any new printer drivers have to be written as

native printer application without libppd.

Update Information:

Fix for remote vulnerabilities against OpenPrinting cups-filters

Topics%20covered

Topics Covered

security advisory update Fedora remote access command injection cups-filters libppd

Change Log

* Thu Sep 26 2024 Justin M. Forbes - 1:2.1~b1-2 - Fix for CVE-2024-47175

References


[ 1 ] Bug #2314996 - [Major Incident] CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2314996 [ 2 ] Bug #2314999 - [Major Incident] CVE-2024-47076 libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2314999 [ 3 ] Bug #2315002 - [Major Incident] CVE-2024-47175 libppd: remote command injection via attacker controlled data in PPD file [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2315002 [ 4 ] Bug #2315003 - [Major Incident] CVE-2024-47177 cups-filters: foomatic-rip in cups-filters allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2315003

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-cf6ab63871' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libppd
Product: Fedora 39
Version: 2.1~b1
Release: 2.fc39
URL: https://github.com/OpenPrinting/libppd
Summary: Library for retro-fitting legacy printer drivers

Topics%20covered

Topics Covered

security advisory update Fedora remote access command injection cups-filters libppd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here