So a vulnerability in cups has been known for a couple of days now (link). Some distros already made a patch for it. Does Debian usually lag behind the others in vulnerability issues like this one?
Last edited by Ron (2024-09-28 15:44:52)
Hello. Check this:
https://security-tracker.debian.org/tra … ckage/cups
It is fixed in sid, but not fixed in testing and stable.
Thanks for that. I guess it shouldn't be too much longer. (?)
(Blatantly copied from a post by @johnraff on the bunsenlabs forums)
There's a mitigation shown on Debian's security tracker: https://security-tracker.debian.org/tra … 2024-47176
For client/desktop systems: Remove 'cups' from the "BrowseRemoteProtocols" line in /etc/cups/cups-browsed.conf and restart the cups-browsed service.
This seems to be what has been done in Debian's latest cups-filters upgrade - 1.28.17-5, currently in Sid, so it should arrive in Bookworm and Trixie soon:
https://bugs.debian.org/cgi-bin/bugrepo … 1082820#10
Last edited by ceeslans (2024-09-29 11:45:59)
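The mitigation quoted above is a one-line config edit plus a service restart. Here is an added example (not from the forum thread, and not Debian's packaging change) that applies it with a verification step, first on a constructed copy of the file so the rewrite can be inspected, and only then on the real /etc/cups/cups-browsed.conf. The awk rewrite is this example's own approach; it assumes that `none` is the value the stock cups-browsed.conf documents for disabling remote browsing when `cups` was the only protocol listed (check the comments in your own copy), and that `ss -ulnp` is available for the post-restart listener check.

```shell
#!/bin/sh
# Added example, not from the forum thread or from Debian's packaging.
# Applies the security-tracker mitigation for cups-browsed: drop the
# legacy "cups" protocol from BrowseRemoteProtocols, leaving any other
# protocol (dnssd) in place, and verify the result before restarting.
# Assumption: "none" is the documented value for an empty protocol list.

# Rewrite every active (uncommented) BrowseRemoteProtocols line without
# the "cups" token. Idempotent: a file already without it is unchanged.
disable_cups_browse_protocol() {
    conf="$1"
    tmp="$conf.tmp.$$"
    awk '
        /^[[:space:]]*BrowseRemoteProtocols[[:space:]]/ {
            out = $1; kept = 0
            for (i = 2; i <= NF; i++)
                if (tolower($i) != "cups") { out = out " " $i; kept++ }
            if (kept == 0) out = out " none"
            print out
            next
        }
        { print }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Exit 0 if an active BrowseRemoteProtocols line still lists "cups",
# 1 otherwise. Use it before (is this host exposed?) and after the edit.
cups_browse_still_enabled() {
    awk '
        /^[[:space:]]*BrowseRemoteProtocols[[:space:]]/ {
            for (i = 2; i <= NF; i++) if (tolower($i) == "cups") found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Live application: back up and edit the real file, then restart the
# daemon. Needs root; not run by the demo below. With "cups" gone from
# BrowseRemoteProtocols the daemon has no reason to listen on 631/udp,
# so a remaining listener there is worth a look.
apply_mitigation_live() {
    conf=/etc/cups/cups-browsed.conf
    cp "$conf" "$conf.bak" || return 1
    disable_cups_browse_protocol "$conf" || return 1
    systemctl restart cups-browsed || return 1
    ss -ulnp | grep -q ':631 ' && echo "warning: something still listens on 631/udp"
    return 0
}

# Demo on a constructed config (sample text written for this example,
# not copied from any system): show the Browse* lines before and after.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# Constructed cups-browsed.conf sample
# BrowseRemoteProtocols dnssd cups
BrowseRemoteProtocols dnssd cups
BrowseLocalProtocols dnssd
EOF
    echo "before:"; grep '^Browse' "$conf"
    disable_cups_browse_protocol "$conf"
    echo "after:";  grep '^Browse' "$conf"
    rm -f "$conf"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh mitigate.sh demo` to see the rewrite on the sample; the commented-out line is left alone and only the active directive loses its `cups` token. Call `apply_mitigation_live` as root once the output looks right, and keep the `.bak` until the packaged cups-filters update lands.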
Note that cups-browsed is only used for publishing the printers of your machine for use by other machines. It has nothing to do with how your machine connects to the printers.
You really don't need cups-browsed at all. (One might possibly be able to draw up some use case where it could be close to useful, even if still not necessary). Just purge it.
The attack starts with a rogue computer spoofing a fake network printer. The attacked host is running a CUPS server and allows the fake network printer to execute arbitrary code on the server when trying to print with the fake printer.
So, the risk is higher for publicly open networks with CUPS servers running. Private networks (i.e. behind a NAT) are at risk if authorized users (or intruders) set up a rogue computer for the attack inside the network.
Cups update came today.