Mageia 8 & 9: 2023-0284 Moderate: CUPS Authentication Issue and Overflow
mageia
October 10, 2023
The updated packages fix security vulnerabilities: It was discovered that CUPS incorrectly authenticated certain remote requests
Summary
The updated packages fix security vulnerabilities:
It was discovered that CUPS incorrectly authenticated certain remote
requests. A remote attacker could possibly use this issue to obtain
recently printed documents. (CVE-2023-32360)
Due to failure in validating the length provided by an attacker-crafted
PPD PostScript document, CUPS and libppd are susceptible to a heap-based
buffer overflow and possibly code execution. (CVE-2023-4504)
References
- https://bugs.mageia.org/show_bug.cgi?id=32281
- https://www.cve.org/CVERecord?id=CVE-2023-32360
- https://ubuntu.com/security/notices/USN-6361-1
- https://www.cve.org/CVERecord?id=CVE-2023-4504
- https://ubuntu.com/security/notices/USN-6391-1
- https://www.cve.org/CVERecord?id=CVE-2023-4504
- https://www.cve.org/CVERecord?id=CVE-2023-32360
Resolution
SRPMS
- 9/core/cups-2.4.6-1.1.mga9
- 8/core/cups-2.3.3op2-1.5.mga8
PREVIOUS
NEXT
Publication date: 10 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0284.html
Type: security
CVE: CVE-2023-4504,
CVE-2023-32360
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!