ELA-852-1 cups-filters security update

RCE due to missing input sanitising

2023-05-22
Packagecups-filters
Version1.11.6-3+deb9u2 (stretch)
Related CVEs CVE-2023-24805


It was discovered that missing input sanitising in cups-filters, when using the Backend Error Handler (beh) backend to create an accessible network printer, may result in the execution of arbitrary commands.



For Debian 9 stretch, these problems have been fixed in version 1.11.6-3+deb9u2.

We recommend that you upgrade your cups-filters packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.