Package | cups-filters |
---|---|
Version | 1.11.6-3+deb9u3 (stretch), 1.21.6-5+deb10u2 (buster) |
Related CVEs | CVE-2024-47076 CVE-2024-47176 |
Simone Margaritelli reported several vulnerabilities in cups-filters. Missing validation of IPP attributes returned from an IPP server and multiple bugs in the cups-browsed component can result in the execution of arbitrary commands without authentication when a print job is started.
For Debian 10 buster, these problems have been fixed in version 1.21.6-5+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 1.11.6-3+deb9u3.
We recommend that you upgrade your cups-filters packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.