Fedora 40: FEDORA-2024-01127974ec critical: Remote threats in libppd

fedora

September 28, 2024

Fix for remote vulnerabilities against OpenPrinting cups-filters

Summary

Libppd provides all PPD related function/API which is going

to be removed from CUPS 3.X, but are still required for retro-fitting

support of legacy printers. The library is meant only for retro-fitting

printer applications, any new printer drivers have to be written as

native printer application without libppd.

Update Information:

Fix for remote vulnerabilities against OpenPrinting cups-filters

Topics Covered

security advisory fedora software update remote threat cups-filters libppd

Change Log

* Thu Sep 26 2024 Justin M. Forbes - 1:2.1~b1-2 - Fix for CVE-2024-47175

References

[ 1 ] Bug #2314997 - [Major Incident] CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2314997 [ 2 ] Bug #2315000 - [Major Incident] CVE-2024-47076 libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2315000 [ 3 ] Bug #2315004 - [Major Incident] CVE-2024-47175 libppd: remote command injection via attacker controlled data in PPD file [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2315004 [ 4 ] Bug #2315005 - [Major Incident] CVE-2024-47177 cups-filters: foomatic-rip in cups-filters allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2315005

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-01127974ec' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity

critical

Lowest

Low

Medium

High

Critical

Name: libppd

Product: Fedora 40

Version: 2.1~b1

Release: 2.fc40

URL: https://github.com/OpenPrinting/libppd

Summary: Library for retro-fitting legacy printer drivers

Topics Covered

security advisory fedora software update remote threat cups-filters libppd

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 40: FEDORA-2024-01127974ec critical: Remote threats in libppd

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

Fedora 40: FEDORA-2024-01127974ec critical: Remote threats in libppd

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!