The officially official Devuan Forum!

You are not logged in.

#1 2024-09-28 13:11:37

Ron
Member
Registered: 2018-04-22
Posts: 526  

Question about Debian issuing patches

So a vulnerability in cups has been known for a couple of days now (link). Some distros already made a patch for it. Does Debian usually lag behind the others in vulnerability issues like this one?

Last edited by Ron (2024-09-28 15:44:52)

Offline

#2 2024-09-28 15:28:46

stopAI
Member
Registered: 2023-04-04
Posts: 185  

Re: Question about Debian issuing patches

Hello. Check this:
https://security-tracker.debian.org/tra … ckage/cups

It is fixed in sid, but not fixed in testing and stable.

Offline

#3 2024-09-28 15:44:26

Ron
Member
Registered: 2018-04-22
Posts: 526  

Re: Question about Debian issuing patches

Thanks for that. I guess it shouldn't be too much longer. (?)

Offline

#4 2024-09-29 09:12:23

ceeslans
Member
Registered: 2024-08-16
Posts: 3  

Re: Question about Debian issuing patches

(Blatantly copied from a post by @johnraff on the bunsenlabs forums)

There's a mitigation shown on Debian's security tracker: https://security-tracker.debian.org/tra … 2024-47176

For client/desktop systems: Remove 'cups' from the "BrowseRemoteProtocols" line in /etc/cups/cups-browsed.conf and restart the cups-browsed service.

This seems to be what has been done in Debian's latest cups-filters upgrade - 1.28.17-5, currently in Sid, so should arrive in Bookworm and Trixie soon:
https://bugs.debian.org/cgi-bin/bugrepo … 1082820#10

Last edited by ceeslans (2024-09-29 11:45:59)

Offline

#5 2024-09-29 09:23:57

ralph.ronnquist
Administrator
From: Battery Point, Tasmania, AUS
Registered: 2016-11-30
Posts: 1,251  

Re: Question about Debian issuing patches

Note that cups-browsed is only used for publishing the printers of your machine for use by other machines. It has nothing to do with how your machine connects to the printers.

You really don't need cups-browsed at all. (One might possibly be able to draw up some use case where it could be close to useful, even if still not necessary). Just purge it.

Online

#6 2024-09-29 10:33:07

stopAI
Member
Registered: 2023-04-04
Posts: 185  

Re: Question about Debian issuing patches

The attack starts with a rogue computer spoofing a fake network printer. The attacked host is running a CUPS server and allows the fake network printer to execute arbitrary code on the server when trying printing with the fake printer.

So, the risk is higher for publicly opened networks with cups servers running. Private networks (i.e. behind a NAT) are at risk if authorized users (or intruders) set up a rogue computer for the attack inside the network.

Offline

#7 2024-09-30 20:20:22

Ron
Member
Registered: 2018-04-22
Posts: 526  

Re: Question about Debian issuing patches

Cups update came today.

Offline

Board footer