TL;DR: All versions of Red Hat Enterprise Linux (RHEL) are affected by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177, but are not vulnerable in their default configurations.

Red Hat has been made aware of a group of vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177) within OpenPrinting CUPS, an open source printing system that is prevalent in most modern Linux distributions, including RHEL. Specifically, CUPS provides tools to manage, discover and share printers for Linux distributions. By chaining this group of vulnerabilities together, an attacker could potentially achieve remote code execution which could then lead to theft of sensitive data and/or damage to critical production systems.

Red Hat rates these issues with a severity impact of Important. While all versions of RHEL are affected, it is important to note that affected packages are not vulnerable in their default configuration. At this time, there are four CVEs assigned to these vulnerabilities, but the exact number is still being coordinated with the upstream community and the researcher who discovered the problem.

More details