Opened 2 years ago
Closed 2 years ago
#18623 closed enhancement (fixed)
cups-2.4.7
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.1 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
New point version.
Change History (4)
comment:1 by , 2 years ago
| Priority: | normal → elevated |
|---|
comment:2 by , 2 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 2 years ago
Release notes:
CUPS 2.4.7 is released to ship the fix for CVE-2023-4504 and several other changes, among them OpenSSL support for the cupsHashData function and bug fixes.
Detailed list:
- CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript in PPD files
- Added OpenSSL support for cupsHashData (Issue #762)
- Fixed delays in lpd backend (Issue #741)
- Fixed extensive logging in scheduler (Issue #604)
- Fixed hanging of lpstat on IBM AIX (Issue #773)
- Fixed hanging of lpstat on Solaris (Issue #156)
- Fixed printing to stderr if we can't open cups-files.conf (Issue #777)
- Fixed purging job files via cancel -x (Issue #742)
- Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743)
- Fixed a bug in the PPD command interpretation code (Issue #768)
comment:4 by , 2 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 5a83b91b3ea2160a4aac2018c78a2fd3343d8d74
SA-12.0-009 issued

CVE-2023-4504. See https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h, but the potential impact is code execution via a malicious postscript file.