On Fri, 4 Oct 2024 at 14:05, Thorsten Alteholz <deb...@alteholz.de> wrote:

> Hi Marcin,
>
> On 04.10.24 13:52, Marcin Owsiany wrote:
>
> > Indeed, on host B the following appears at the same time the print dialog
> > hangs in evince ("piec" is host A):
> >
> > E [04/Oct/2024:13:29:44 +0200] HP_Smart_Tank_710_720_series_piec: Printer
> > returned invalid data: \"media-supported\": Bad keyword value \"\" -
> > invalid character (RFC 8011 section 5.1.4).
>
>
> yes, this message belongs to the new validation of attributes that was
> part of the latest patches.
> Unfortunately this printer does not behave correctly, so I think this is
> rather a feature than a bug.
>
> > FWIW, I did "sudo grep -R media-supported /etc 2>/dev/null" and that came
> > back with nothing. So I guess it's a bug in the printer's firmware? Can I
> > work this around somehow on the cups side?
>
>
> yes, this is a bug in the printer's firmware.  cups asks the printer about
> some properties and one of the answers contains a non RFC-conform
> character. Other such characters resulted in an RCE, so this check is
> somewhat important. If there is no other firmware available, I am afraid
> you have to build your own cups package.
>

There is newer firmware, although I do not see a way to apply it from
Debian :-(

One thing I do not understand is why this invalid input is being accepted
over USB, but is a fatal error over TCP?


> The culprit is in 0024-CVE-2024-47175-and-further-hardening.patch for
> scheduler/ipp.c
>

Thanks for the pointer! I'll probably be able to hack around it, but I'm
afraid less technically savvy users might not be so lucky. Perhaps there
should be a break-glass option to keep being able to use one's hardware?

Marcin
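
For reference, the "Bad keyword value" in the log line follows from the 'keyword' syntax in RFC 8011 section 5.1.4 (1 to 255 characters drawn from lowercase letters, digits, hyphen, dot and underscore, starting with a lowercase letter), which an empty value cannot satisfy. The code below is an added example, not part of this thread and not the code from scheduler/ipp.c; the function names and the sample media list are constructed for illustration, and it applies a strict reading of the RFC that may differ from the check cups actually performs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reasons a value fails the RFC 8011 section 5.1.4 'keyword' syntax. */
enum kw_status { KW_OK, KW_EMPTY, KW_TOO_LONG, KW_BAD_FIRST, KW_BAD_CHAR };

/* Strict check: 1..255 octets, [a-z0-9._-] only, first octet a lowercase
 * letter. The length is explicit because IPP values are length-prefixed
 * on the wire, not NUL-terminated. */
enum kw_status kw_check(const char *v, size_t len)
{
    if (len == 0)  return KW_EMPTY;       /* the "" case from the log line */
    if (len > 255) return KW_TOO_LONG;
    if (v[0] < 'a' || v[0] > 'z') return KW_BAD_FIRST;
    for (size_t i = 1; i < len; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') ||
              c == '-' || c == '.' || c == '_'))
            return KW_BAD_CHAR;
    }
    return KW_OK;
}

/* Check every value of a "1setOf keyword" attribute. Returns the index of
 * the first invalid value (reason stored in *why), or -1 if all pass. */
int kw_first_invalid(const char *const *vals, size_t n, enum kw_status *why)
{
    for (size_t i = 0; i < n; i++) {
        enum kw_status s = kw_check(vals[i], strlen(vals[i]));
        if (s != KW_OK) { if (why) *why = s; return (int)i; }
    }
    if (why) *why = KW_OK;
    return -1;
}

/* Constructed sample: a media-supported list containing one empty entry. */
static const char *const sample_media[] = {
    "iso_a4_210x297mm", "na_letter_8.5x11in", "", "na_legal_8.5x14in"
};

int main(void)
{
    enum kw_status why;
    int bad = kw_first_invalid(sample_media, 4, &why);
    printf("first invalid index=%d status=%d\n", bad, (int)why);
    return 0;
}
```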