ELA-978-1 cups security update
Package : cups
Version : 1.7.5-11+deb8u12 (jessie), 2.2.1-8+deb9u11 (stretch)
Related CVEs :
CVE-2023-4504
CVE-2023-32360
Two issues have been found in cups, the Common UNIX Printing System(tm).
CVE-2023-4504
Due to missing boundary checks a heap-based buffer overflow and code
execution might be possible by using crafted postscript documents.
CVE-2023-32360
Unauthorized users might be allowed to fetch recently printed documents.
Since this is a configuration fix, it might be that it does not reach
you if you are updating the package.
Please double check your /etc/cups/cupsd.conf file, whether it limits
the access to CUPS-Get-Document with something like the following
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
(The important line is the ‘AuthType Default’ in this section)
A cups security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address two issues.
