Your message dated Mon, 28 Jul 2014 12:33:58 +0000 with message-id <e1xbk7q-0004tl...@franck.debian.org> and subject line Bug#755807: fixed in cups 1.7.4-3 has caused the Debian Bug report #755807, regarding CUPS listens on *all* interfaces per default when installed on machines using systemd to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
755807: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755807
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: cups-daemon
Version: 1.7.4-1
Severity: serious
Justification: Information leak and possible security vulnerability
Tags: security

Hi,

installing (not upgrading!) the cups-daemon package on a machine using systemd as PID 1 creates the /etc/cups/cupsd-systemd-listen.conf file like this:

    [Socket]
    # This file was generated by CUPS and _WILL_ be deleted or overwritten by it!
    # It has to be kept in sync with the Port and Listen stanzas in /etc/cups/cupsd.conf
    # It is by default symlinked as cups-listen.conf in the
    # /etc/systemd/system/cups.socket.d/ directory. Remove the symlink
    # and write your own file there if you don't want this. See systemd.socket(5).

    # Matches the default 'Listen localhost:631' from cupsd.conf.default
    ListenStream=0.0.0.0:631
    ListenStream=[::]:631

As this file gets symlinked from the /etc/systemd/system/cups.socket.d/ directory, this means that systemd will listen on *all* interfaces and hand the incoming connections to CUPS.

Admittedly, CUPS still enforces its own access limitations set in /etc/cups/cupsd.conf, but only after initially accepting the connection. It will then respond with an HTTP 403 (Forbidden) error page, confirming that there is indeed a CUPS daemon running and leaking (at least) its version number and the system locale.

Best regards

Alexander Kurtz
--- End Message ---
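A check for the mismatch the report describes, as an added example (not part of the original messages or of the cups package): it compares the ListenStream= values of the socket drop-in with the Listen/Port lines of cupsd.conf and returns wildcard listeners that cupsd.conf does not ask for. The function names and the loopback-only drop-in are assumptions of this example.

```python
import ipaddress
import re

# Drop-in as quoted in the report; the cupsd.conf line is the default it cites.
REPORTED_DROPIN = """[Socket]
# Matches the default 'Listen localhost:631' from cupsd.conf.default
ListenStream=0.0.0.0:631
ListenStream=[::]:631
"""
DEFAULT_CONF = "Listen localhost:631\n"
# Constructed loopback-only drop-in, for comparison (not from the page).
LOOPBACK_DROPIN = "[Socket]\nListenStream=127.0.0.1:631\nListenStream=[::1]:631\n"

def socket_listeners(unit_text):
    """ListenStream= values of a socket unit; an empty assignment resets the list."""
    values = []
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "ListenStream":
            value = value.strip()
            values = values + [value] if value else []
    return values

def cupsd_listeners(conf_text):
    """(directive, argument) pairs for Listen and Port lines in cupsd.conf."""
    pairs = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0].lower() in ("listen", "port"):
            pairs.append((parts[0].lower(), parts[1]))
    return pairs

def is_wildcard(addr):
    """True when addr binds every interface (bare port, *, 0.0.0.0, ::)."""
    if addr.isdigit():
        return True
    m = re.fullmatch(r"\[(.+)\]:\d+|([^:/]+):\d+", addr)
    if not m:
        return False          # unix socket path or unrecognised form
    host = m.group(1) or m.group(2)
    try:
        return host == "*" or ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False          # a hostname such as localhost

def exposed_beyond_config(unit_text, conf_text):
    """Wildcard socket listeners that cupsd.conf itself does not ask for."""
    if any(d == "port" or is_wildcard(a) for d, a in cupsd_listeners(conf_text)):
        return []
    return [a for a in socket_listeners(unit_text) if is_wildcard(a)]
```

On a live system the two inputs would be the contents of /etc/cups/cupsd-systemd-listen.conf and /etc/cups/cupsd.conf; a non-empty result means the socket unit accepts connections on interfaces that cupsd.conf never listed.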
--- Begin Message ---
Source: cups
Source-Version: 1.7.4-3

We believe that the bug you reported is fixed in the latest version of cups, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 755...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Didier Raboud <o...@debian.org> (supplier of updated cups package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Mon, 28 Jul 2014 08:22:29 +0200
Source: cups
Binary: libcups2 libcupsimage2 libcupscgi1 libcupsmime1 libcupsppdc1 cups cups-core-drivers cups-daemon cups-client libcups2-dev libcupsimage2-dev libcupscgi1-dev libcupsmime1-dev libcupsppdc1-dev cups-bsd cups-common cups-server-common cups-ppdc cups-dbg
Architecture: source amd64 all
Version: 1.7.4-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-print...@lists.debian.org>
Changed-By: Didier Raboud <o...@debian.org>
Description:
 cups - Common UNIX Printing System(tm) - PPD/driver support, web interfa
 cups-bsd - Common UNIX Printing System(tm) - BSD commands
 cups-client - Common UNIX Printing System(tm) - client programs (SysV)
 cups-common - Common UNIX Printing System(tm) - common files
 cups-core-drivers - Common UNIX Printing System(tm) - PPD-less printing
 cups-daemon - Common UNIX Printing System(tm) - daemon
 cups-dbg - Common UNIX Printing System(tm) - debugging symbols
 cups-ppdc - Common UNIX Printing System(tm) - PPD manipulation utilities
 cups-server-common - Common UNIX Printing System(tm) - server common files
 libcups2 - Common UNIX Printing System(tm) - Core library
 libcups2-dev - Common UNIX Printing System(tm) - Development files CUPS library
 libcupscgi1 - Common UNIX Printing System(tm) - CGI library
 libcupscgi1-dev - Common UNIX Printing System(tm) - Development files for CGI libra
 libcupsimage2 - Common UNIX Printing System(tm) - Raster image library
 libcupsimage2-dev - Common UNIX Printing System(tm) - Development files CUPS image li
 libcupsmime1 - Common UNIX Printing System(tm) - MIME library
 libcupsmime1-dev - Common UNIX Printing System(tm) - Development files MIME library
 libcupsppdc1 - Common UNIX Printing System(tm) - PPD manipulation library
 libcupsppdc1-dev - Common UNIX Printing System(tm) - Development files PPD library
Closes: 755807 755932
Changes:
 cups (1.7.4-3) unstable; urgency=medium
 .
   * In cups-daemon's postinst, remove leftover cups.patch symlink in
     multi-user.target.wants (Closes: #755932)
   * Correct default listening address used under systemd for new
     installations; also correct the discrepancy on upgrades (Closes: #755807)
--- End Message ---