OracleLinux ELSA-2024-7346
Sep 30, 2024 - 12:00 a.m.

cups-filters security update

2024-09-30 00:00:00
linux.oracle.com
8
cups-filters security update
remote command injection
api sanitization
udp binding vulnerability
orabug 28265099
orabug 29163824
cve-2024-47175
cve-2024-47076
cve-2024-47176

CVSS3: 8.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score: 7.6
Confidence: Low

EPSS: 0.001
Percentile: 28.0%

[1.28.7-17.0.1]

  • header/footer not being printed in banner page. [Orabug: 28265099] ([email protected])
  • Fixes [Orabug: 29163824] source indentation not following convention ([email protected])

[1.28.7-17]

  • fix rpmverify error

[1.28.7-16]

  • CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file
  • CVE-2024-47076 cups-filters: cfGetPrinterAttributes API does not perform sanitization on returned IPP attributes
  • CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
