Ubuntu 24.04 LTS USN-7042-2 high: cups-browsed remote code execution
ubuntu
October 9, 2024
cups-browsed could be made to run programs if it received specially crafted network traffic.
Summary
cups-browsed could be made to run programs if it received specially crafted
network traffic.
Software Description:
- cups-browsed: OpenPrinting cups-browsed
Details:
USN-7042-1 fixed a vulnerability in cups-browsed. This update improves the
fix by removing support for the legacy CUPS printer discovery protocol
entirely.
Original advisory details:
Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, created manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables
support for the legacy CUPS printer discovery protocol.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS cups-browsed 2.0.0-0ubuntu10.2 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-7042-2
https://ubuntu.com/security/notices/USN-7042-1
CVE-2024-47176
PREVIOUS
NEXT
Ubuntu Security Notice USN-7042-2
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!