Source: cups
Version: 2.4.7-1.2
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for cups.

CVE-2024-35235[0]:
| OpenPrinting CUPS is an open source printing system for Linux and
| other Unix-like operating systems. In versions 2.4.8 and earlier,
| when starting the cupsd server with a Listen configuration item
| pointing to a symbolic link, the cupsd process can be caused to
| perform an arbitrary chmod of the provided argument, providing
| world-writable access to the target. Given that cupsd is often
| running as root, this can result in the change of permission of any
| user or system files to be world writable. Given the aforementioned
| Ubuntu AppArmor context, on such systems this vulnerability is
| limited to those files modifiable by the cupsd process. In that
| specific case it was found to be possible to turn the configuration
| of the Listen argument into full control over the cupsd.conf and
| cups-files.conf configuration files. By later setting the User and
| Group arguments in cups-files.conf, and printing with a printer
| configured by PPD with a `FoomaticRIPCommandLine` argument,
| arbitrary user and group (not root) command execution could be
| achieved, which can further be used on Ubuntu systems to achieve
| full root command execution. Commit
| ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the
| issue.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-35235
    https://www.cve.org/CVERecord?id=CVE-2024-35235
[1] https://www.openwall.com/lists/oss-security/2024/06/11/1
[2] https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
