#19937 closed enhancement (fixed)
cups-2.4.9
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.2 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
This vulnerability was announced this morning. For some configurations, there wouldn't be much of an impact, but this issue allows for an arbitrary chmod to 0140777 if a Listen configuration item points to a symbolic link. Unlike most vulnerabilities though, this one has a PoC exploit inside of its announcement, and we know that the issue is rated as moderate.
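A defensive check for the condition described above, added here as an example (it is not code from this ticket, from CUPS or from BLFS): it lists the domain socket paths named by `Listen` directives in a cupsd.conf and reports any that is currently a symbolic link. The function names are hypothetical, the parsing is simplified (no `Include` handling), and the sample configuration is constructed.

```python
import os
import stat
import tempfile

def listen_socket_paths(conf_text):
    """Return the filesystem paths named by Listen directives (domain sockets)."""
    paths = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        # A Listen argument starting with "/" is a domain socket path,
        # not host:port. The directive name is matched case-insensitively.
        if len(parts) == 2 and parts[0].lower() == "listen" and parts[1].startswith("/"):
            paths.append(parts[1])
    return paths

def classify(path):
    """Classify a path without following symlinks."""
    try:
        st = os.lstat(path)                      # lstat inspects the link itself
    except FileNotFoundError:
        return "absent"
    if stat.S_ISLNK(st.st_mode):
        return "symlink"                         # the case this ticket is about
    if stat.S_ISSOCK(st.st_mode):
        return "socket"
    return "other"

def audit(conf_text):
    """Map each Listen socket path to its classification."""
    return {p: classify(p) for p in listen_socket_paths(conf_text)}

if __name__ == "__main__":
    # Mode 0140777 from the description is S_IFSOCK (0140000) | 0777.
    assert stat.S_IFMT(0o140777) == stat.S_IFSOCK
    # Constructed demo: one Listen path is a symlink, one does not exist yet.
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target_file")
        link = os.path.join(d, "cups.sock")
        open(target, "w").close()
        os.symlink(target, link)
        sample = (f"Listen localhost:631\n"
                  f"Listen {link}  # constructed\n"
                  f"Listen {d}/new.sock\n")
        for path, kind in audit(sample).items():
            print(f"{kind:8} {path}")
```

Any path reported as `symlink` or `other` deserves a look before cupsd is next started on a version older than 2.4.9.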
Change History (7)
comment:1 by , 10 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 10 months ago
comment:3 by , 10 months ago
Summary: | Fix CVE-2024-35235 in CUPS → cups-2.4.9 |
---|
That will make this a lot easier in a little while. :) Thank you Marty
comment:4 by , 10 months ago
Changes in CUPS v2.4.9 (2024-06-11)
- Fixed domain socket handling (CVE-2024-35235)
- Fixed creating of cupsUrfSupported PPD keyword (Issue #952)
- Fixed searching for destinations in web ui (Issue #954)
- Fixed TLS negotiation using OpenSSL with servers that require the TLS SNI extension.
- Really raised cups_enum_dests() timeout for listing available IPP printers (Issue #751)...
- Fixed Host header regression (Issue #967)
- Fixed DNS-SD lookups of local services with Avahi (Issue #970)
- Fixed listing jobs in destinations in web ui. (Apple issue #6204)
- Fixed showing search query in web ui help page. (Issue #977)
comment:5 by , 10 months ago
Fixed at 31ac7e88a056449ca033b71af8e6f48a13b4bbe8
Leaving open for Security Advisory to come in a couple hours
comment:6 by , 10 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
You might like 2.4.9 whose release notes say this CVE is fixed.