ELA-1186-1 cups-filters security update

missing validation of IPP attributes

2024-09-29
Packagecups-filters
Version1.11.6-3+deb9u3 (stretch), 1.21.6-5+deb10u2 (buster)
Related CVEs CVE-2024-47076 CVE-2024-47176


Simone Margaritelli reported several vulnerabilities in cups-filters. Missing validation of IPP attributes returned from an IPP server and multiple bugs in the cups-browsed component can result in the execution of arbitrary commands without authentication when a print job is started.



For Debian 10 buster, these problems have been fixed in version 1.21.6-5+deb10u2.

For Debian 9 stretch, these problems have been fixed in version 1.11.6-3+deb9u3.

We recommend that you upgrade your cups-filters packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.