Alerts This Week
Warning Icon 1 1,220
Alerts This Week
Warning Icon 1 1,220

Ubuntu 24.04 USN-6844-2 Moderate: CUPS Daemon Issue Correction

ubuntu
Calendar Grey July 2, 2024
Dist Ubuntu Esm H88
A patch addresses a bug impacting the cupsd service in CUPS throughout several Ubuntu versions post USN-6844-1.
USN-6844-1 caused the cupsd daemon to never start

Summary

USN-6844-1 caused the cupsd daemon to never start

Software Description:

- cups: Common UNIX Printing System(tm)

Details:

USN-6844-1 fixed vulnerabilities in the CUPS package. The update

lead to the discovery of a regression in CUPS with regards to

how the cupsd daemon handles Listen configuration directive.

This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Rory McNamara discovered that when starting the cupsd server with a

Listen configuration item, the cupsd process fails to validate if

bind call passed. An attacker could possibly trick cupsd to perform

an arbitrary chmod of the provided argument, providing world-writable

access to the target.

Topics%20covered

Topics Covered

security advisory moderate severity daemon fix ubuntu 24.04 cups daemon cups regression

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   cups                            2.4.7-1.2ubuntu7.2
   cups-daemon                     2.4.7-1.2ubuntu7.2

Ubuntu 23.10
   cups                            2.4.6-0ubuntu3.2
   cups-daemon                     2.4.6-0ubuntu3.2

Ubuntu 22.04 LTS
   cups                            2.4.1op1-1ubuntu4.10
   cups-daemon                     2.4.1op1-1ubuntu4.10

Ubuntu 20.04 LTS
   cups                            2.3.1-9ubuntu1.8
   cups-daemon                     2.3.1-9ubuntu1.8

Ubuntu 18.04 LTS
   cups                            2.2.7-1ubuntu2.10+esm5
                                   Available with Ubuntu Pro
   cups-daemon                     2.2.7-1ubuntu2.10+esm5
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   cups                            2.1.3-4ubuntu0.11+esm7
                                   Available with Ubuntu Pro
   cups-daemon                     2.1.3-4ubuntu0.11+esm7
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6844-2

https://ubuntu.com/security/notices/USN-6844-1

https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2070315

Severity
important
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory moderate severity daemon fix ubuntu 24.04 cups daemon cups regression

Package Information

https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.2
https://launchpad.net/ubuntu/+source/cups/2.4.6-0ubuntu3.2
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.10
https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.8

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here