All the vulnerabilites related to OpenPrinting - cups
var-202205-1953
Vulnerability from variot
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. macOS contains an improper comparison vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Summary:
OpenShift API for Data Protection (OADP) 1.0.4 is now available. Description:
OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/):
2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
Bug Fix(es):
-
30-second delays printing to Windows 2016 server via HTTPS (BZ#2073531)
For the oldstable distribution (buster), this problem has been fixed in version 2.2.10-6+deb10u6.
For the stable distribution (bullseye), this problem has been fixed in version 2.3.3op2-3+deb11u2.
We recommend that you upgrade your cups packages.
For the detailed security status of cups please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cups
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKP0LQACgkQEMKTtsN8 TjazShAAuLbe1vQOBAX5nUuVTW4fk96gzx899Aep8Wl4AWFmLRSWzdpPVeIEuWei wgQycz4YFzKNr+FeCBIx5ZwnmddPd30RYFQjgkUg/UbFD2z3yifT5M3OQRpgsE4+ EWGPR8V2vZEw+20H22ZhtXGzPiwM+czt120v2mBX2Zf2xOtPLAFtVcLJN5PJsgfO hEgHn5zUwumqYEzD7kZNgT98eHtrUvwO3nCveOXWzR4dMD/KgMmCGQIQi+dawEef JJNRgvqIgb2sqxxYPHlq/IHQ5H7/NeYfqsHZxf2sRcRRu3XVYql4wMOiegZRk3xz +inf0V4GbVBiMfjDJYv3WnsGzm7W4I6rMTfhSq783yXSh6AUt2l/u6xoc7ca6vvd lTk5l/9ZhsFxzWdAgUA7ceqmciXCE+yTGaRDw4yP05Vp4cTBKggOz7dws5t75ixH /JHwyVQ72AtFiMkMgRjKv8+zP0FbWiOrS3EDyvCjP3vx69dXie2Z1/HvGtoaFY4f HgjAbq2i+f8umwYvcf8cdErjRz9CIX09+TuX/J/M1D8X5TNw4KRx3DChca+o94+Q ZNznkpoCnMVfmUe83P8PgcGLMD0hGai5AnjlroDJyvZn3aD84PVLdDY35wnR/6eq DyB81widY5C9SURR/CUWXx2F1NaWLmAsQbLttlFLwzVqUTf76j8= =jd0o -----END PGP SIGNATURE----- . Solution:
For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:
https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html
For Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:
https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html
- Bugs fixed (https://bugzilla.redhat.com/):
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2536 - Setting up ODF S3 for loki
LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated.
LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator
LOG-2762 - [release-5.4]Events and CLO csv are not collected after running oc adm must-gather --image=$downstream-clo-image
LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http'
LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.
LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle.
LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: cups security update Advisory ID: RHSA-2022:5055-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5055 Issue date: 2022-06-15 CVE Names: CVE-2022-26691 =====================================================================
- Summary:
An update for cups is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64
- Description:
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
Security Fix(es):
- cups: authorization bypass when using "local" authorization (CVE-2022-26691)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, the cupsd service will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization
- Package List:
Red Hat Enterprise Linux AppStream EUS (v. 8.2):
aarch64: cups-2.2.6-33.el8_2.1.aarch64.rpm cups-client-2.2.6-33.el8_2.1.aarch64.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm cups-devel-2.2.6-33.el8_2.1.aarch64.rpm cups-ipptool-2.2.6-33.el8_2.1.aarch64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-lpd-2.2.6-33.el8_2.1.aarch64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm
noarch: cups-filesystem-2.2.6-33.el8_2.1.noarch.rpm
ppc64le: cups-2.2.6-33.el8_2.1.ppc64le.rpm cups-client-2.2.6-33.el8_2.1.ppc64le.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm cups-devel-2.2.6-33.el8_2.1.ppc64le.rpm cups-ipptool-2.2.6-33.el8_2.1.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-lpd-2.2.6-33.el8_2.1.ppc64le.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm
s390x: cups-2.2.6-33.el8_2.1.s390x.rpm cups-client-2.2.6-33.el8_2.1.s390x.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debugsource-2.2.6-33.el8_2.1.s390x.rpm cups-devel-2.2.6-33.el8_2.1.s390x.rpm cups-ipptool-2.2.6-33.el8_2.1.s390x.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-lpd-2.2.6-33.el8_2.1.s390x.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm
x86_64: cups-2.2.6-33.el8_2.1.x86_64.rpm cups-client-2.2.6-33.el8_2.1.x86_64.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debugsource-2.2.6-33.el8_2.1.i686.rpm cups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm cups-devel-2.2.6-33.el8_2.1.i686.rpm cups-devel-2.2.6-33.el8_2.1.x86_64.rpm cups-ipptool-2.2.6-33.el8_2.1.x86_64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-lpd-2.2.6-33.el8_2.1.x86_64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm
Red Hat Enterprise Linux BaseOS EUS (v. 8.2):
Source: cups-2.2.6-33.el8_2.1.src.rpm
aarch64: cups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-libs-2.2.6-33.el8_2.1.aarch64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm
ppc64le: cups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-libs-2.2.6-33.el8_2.1.ppc64le.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm
s390x: cups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debugsource-2.2.6-33.el8_2.1.s390x.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-libs-2.2.6-33.el8_2.1.s390x.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm
x86_64: cups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debugsource-2.2.6-33.el8_2.1.i686.rpm cups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-libs-2.2.6-33.el8_2.1.i686.rpm cups-libs-2.2.6-33.el8_2.1.x86_64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-26691 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYqod1tzjgjWX9erEAQhBKg//SHPCnzKfy01h9CMuvhjLi8tAwiOYOU9x tB+OQpJ979g2FAN6AWwCSesQzkpoOpLF9A/2QFnQsl33uWkVZmV32rniZ2BQ/FBj FDtU69ysQwSBgeySu6J+N34o1Wel78YagmTgPgIFCpT5GXL+/aGuSswq5WAqe41Y 7k5flG0z6zDD108RNG7vUg0B2CPZkQkK18jj/OPUQtWlDA3S5RDGkDzX8onBNO1z 7uKz6CtqCNVvd+J6XlgXq3hjGYKEs2+kic4Z5ezRGER3U7C9IfS0ZmZlCjr5jVSc UXghrbjFV0aKSZtwzPNhW/smfCXyqwQ7TtaGfRqzsoU4AvvmUEPYStnNw5P1CYq8 1itaxdM0wSl+D2OcU8SGTMFgnMZBfHy79gopq7JPtcc5hx0gCyOt1M7N/0HmEBt7 Oqj79IGh/Ok7OUbwwi5lNyOGBBl4M8KhNvHav5Y7loCP9usOhTAW/hFfRyasNnHD 6DZVa+Cg1QN40O+T5UtMNTCpirAtIrQncjpjO3p0ZwCzR3a2yNJ+jMfGfpfN1Oif OlJWvwryUeSSRmX3H0afKn2IANG4qWMsrOesca3a0T+Cnw8AdFqfNEI5H0WDHpPo 0K3jTAFGEPzpQAsmv/ENRah5+xMHvvzguX0Y876jNHeudoJBb+/bQtLbo9ZUR+Cp CIexjs+IfbE= =BOLW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-17
https://security.gentoo.org/
Severity: High Title: CUPS: Multiple Vulnerabilities Date: February 18, 2024 Bugs: #847625, #907675, #909018, #914781 ID: 202402-17
Synopsis
Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution.
Affected packages
Package Vulnerable Unaffected
net-print/cups < 2.4.7 >= 2.4.7
Description
Multiple vulnerabilities have been discovered in CUPS. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All CUPS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-2.4.7"
References
[ 1 ] CVE-2022-26691 https://nvd.nist.gov/vuln/detail/CVE-2022-26691 [ 2 ] CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 [ 3 ] CVE-2023-32324 https://nvd.nist.gov/vuln/detail/CVE-2023-32324 [ 4 ] CVE-2023-34241 https://nvd.nist.gov/vuln/detail/CVE-2023-34241
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202402-17
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-1953",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gt",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "cups",
"scope": "lt",
"trust": 1.0,
"vendor": "openprinting",
"version": "2.4.2"
},
{
"model": "cups",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "499.4"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.5"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.3"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "cups",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "cups",
"scope": null,
"trust": 0.8,
"vendor": "openprinting",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.6.5",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.3",
"versionStartExcluding": "12.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "499.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.4.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "167510"
},
{
"db": "PACKETSTORM",
"id": "167507"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167501"
},
{
"db": "PACKETSTORM",
"id": "167514"
}
],
"trust": 0.6
},
"cve": "CVE-2022-26691",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2022-26691",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-417360",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26691",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-26691",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-4149",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-417360",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417360"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4149"
},
{
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. macOS contains an improper comparison vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Summary:\n\nOpenShift API for Data Protection (OADP) 1.0.4 is now available. Description:\n\nOpenShift API for Data Protection (OADP) enables you to back up and restore\napplication resources, persistent volume data, and internal container\nimages to external backup storage. OADP enables both file system-based and\nsnapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/):\n\n2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter\n2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. \n\nBug Fix(es):\n\n* 30-second delays printing to Windows 2016 server via HTTPS (BZ#2073531)\n\n4. \n\nFor the oldstable distribution (buster), this problem has been fixed\nin version 2.2.10-6+deb10u6. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.3.3op2-3+deb11u2. \n\nWe recommend that you upgrade your cups packages. \n\nFor the detailed security status of cups please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/cups\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKP0LQACgkQEMKTtsN8\nTjazShAAuLbe1vQOBAX5nUuVTW4fk96gzx899Aep8Wl4AWFmLRSWzdpPVeIEuWei\nwgQycz4YFzKNr+FeCBIx5ZwnmddPd30RYFQjgkUg/UbFD2z3yifT5M3OQRpgsE4+\nEWGPR8V2vZEw+20H22ZhtXGzPiwM+czt120v2mBX2Zf2xOtPLAFtVcLJN5PJsgfO\nhEgHn5zUwumqYEzD7kZNgT98eHtrUvwO3nCveOXWzR4dMD/KgMmCGQIQi+dawEef\nJJNRgvqIgb2sqxxYPHlq/IHQ5H7/NeYfqsHZxf2sRcRRu3XVYql4wMOiegZRk3xz\n+inf0V4GbVBiMfjDJYv3WnsGzm7W4I6rMTfhSq783yXSh6AUt2l/u6xoc7ca6vvd\nlTk5l/9ZhsFxzWdAgUA7ceqmciXCE+yTGaRDw4yP05Vp4cTBKggOz7dws5t75ixH\n/JHwyVQ72AtFiMkMgRjKv8+zP0FbWiOrS3EDyvCjP3vx69dXie2Z1/HvGtoaFY4f\nHgjAbq2i+f8umwYvcf8cdErjRz9CIX09+TuX/J/M1D8X5TNw4KRx3DChca+o94+Q\nZNznkpoCnMVfmUe83P8PgcGLMD0hGai5AnjlroDJyvZn3aD84PVLdDY35wnR/6eq\nDyB81widY5C9SURR/CUWXx2F1NaWLmAsQbLttlFLwzVqUTf76j8=\n=jd0o\n-----END PGP SIGNATURE-----\n. Solution:\n\nFor OpenShift Container Platform 4.10 see the following documentation,\nwhich will be updated shortly, for detailed release notes:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html\n\nFor Red Hat OpenShift Logging 5.4, see the following instructions to apply\nthis update:\n\nhttps://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2536 - Setting up ODF S3 for loki\nLOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated. \nLOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator\nLOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `\nLOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with \u0027http\u0027\nLOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows \"active_primary\" instead of \"active\" shards. \nLOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle. \nLOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image\n\n6. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: cups security update\nAdvisory ID: RHSA-2022:5055-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:5055\nIssue date: 2022-06-15\nCVE Names: CVE-2022-26691 \n=====================================================================\n\n1. Summary:\n\nAn update for cups is now available for Red Hat Enterprise Linux 8.2\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe Common UNIX Printing System (CUPS) provides a portable printing layer\nfor Linux, UNIX, and similar operating systems. \n\nSecurity Fix(es):\n\n* cups: authorization bypass when using \"local\" authorization\n(CVE-2022-26691)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the cupsd service will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2084321 - CVE-2022-26691 cups: authorization bypass when using \"local\" authorization\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream EUS (v. 8.2):\n\naarch64:\ncups-2.2.6-33.el8_2.1.aarch64.rpm\ncups-client-2.2.6-33.el8_2.1.aarch64.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm\ncups-devel-2.2.6-33.el8_2.1.aarch64.rpm\ncups-ipptool-2.2.6-33.el8_2.1.aarch64.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-lpd-2.2.6-33.el8_2.1.aarch64.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\n\nnoarch:\ncups-filesystem-2.2.6-33.el8_2.1.noarch.rpm\n\nppc64le:\ncups-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-client-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-devel-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-ipptool-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-lpd-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\n\ns390x:\ncups-2.2.6-33.el8_2.1.s390x.rpm\ncups-client-2.2.6-33.el8_2.1.s390x.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-debugsource-2.2.6-33.el8_2.1.s390x.rpm\ncups-devel-2.2.6-33.el8_2.1.s390x.rpm\ncups-ipptool-2.2.6-33.el8_2.1.s390x.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-lpd-2.2.6-33.el8_2.1.s390x.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\n\nx86_64:\ncups-2.2.6-33.el8_2.1.x86_64.rpm\ncups-client-2.2.6-33.el8_2.1.x86_64.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-debugsource-2.2.6-33.el8_2.1.i686.rpm\ncups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm\ncups-devel-2.2.6-33.el8_2.1.i686.rpm\ncups-devel-2.2.6-33.el8_2.1.x86_64.rpm\ncups-ipptool-2.2.6-33.el8_2.1.x86_64.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-lpd-2.2.6-33.el8_2.1.x86_64.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS EUS (v. 8.2):\n\nSource:\ncups-2.2.6-33.el8_2.1.src.rpm\n\naarch64:\ncups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-libs-2.2.6-33.el8_2.1.aarch64.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm\n\nppc64le:\ncups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-libs-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm\n\ns390x:\ncups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-debugsource-2.2.6-33.el8_2.1.s390x.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-libs-2.2.6-33.el8_2.1.s390x.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm\n\nx86_64:\ncups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-debugsource-2.2.6-33.el8_2.1.i686.rpm\ncups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-libs-2.2.6-33.el8_2.1.i686.rpm\ncups-libs-2.2.6-33.el8_2.1.x86_64.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm\ncups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-26691\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYqod1tzjgjWX9erEAQhBKg//SHPCnzKfy01h9CMuvhjLi8tAwiOYOU9x\ntB+OQpJ979g2FAN6AWwCSesQzkpoOpLF9A/2QFnQsl33uWkVZmV32rniZ2BQ/FBj\nFDtU69ysQwSBgeySu6J+N34o1Wel78YagmTgPgIFCpT5GXL+/aGuSswq5WAqe41Y\n7k5flG0z6zDD108RNG7vUg0B2CPZkQkK18jj/OPUQtWlDA3S5RDGkDzX8onBNO1z\n7uKz6CtqCNVvd+J6XlgXq3hjGYKEs2+kic4Z5ezRGER3U7C9IfS0ZmZlCjr5jVSc\nUXghrbjFV0aKSZtwzPNhW/smfCXyqwQ7TtaGfRqzsoU4AvvmUEPYStnNw5P1CYq8\n1itaxdM0wSl+D2OcU8SGTMFgnMZBfHy79gopq7JPtcc5hx0gCyOt1M7N/0HmEBt7\nOqj79IGh/Ok7OUbwwi5lNyOGBBl4M8KhNvHav5Y7loCP9usOhTAW/hFfRyasNnHD\n6DZVa+Cg1QN40O+T5UtMNTCpirAtIrQncjpjO3p0ZwCzR3a2yNJ+jMfGfpfN1Oif\nOlJWvwryUeSSRmX3H0afKn2IANG4qWMsrOesca3a0T+Cnw8AdFqfNEI5H0WDHpPo\n0K3jTAFGEPzpQAsmv/ENRah5+xMHvvzguX0Y876jNHeudoJBb+/bQtLbo9ZUR+Cp\nCIexjs+IfbE=\n=BOLW\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202402-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: CUPS: Multiple Vulnerabilities\n Date: February 18, 2024\n Bugs: #847625, #907675, #909018, #914781\n ID: 202402-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in CUPS, the worst of\nwhich can lead to arbitrary code execution. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------- ------------ ------------\nnet-print/cups \u003c 2.4.7 \u003e= 2.4.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in CUPS. Please review the\nCVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll CUPS users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-print/cups-2.4.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-26691\n https://nvd.nist.gov/vuln/detail/CVE-2022-26691\n[ 2 ] CVE-2023-4504\n https://nvd.nist.gov/vuln/detail/CVE-2023-4504\n[ 3 ] CVE-2023-32324\n https://nvd.nist.gov/vuln/detail/CVE-2023-32324\n[ 4 ] CVE-2023-34241\n https://nvd.nist.gov/vuln/detail/CVE-2023-34241\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202402-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2024 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26691"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"db": "VULHUB",
"id": "VHN-417360"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "167510"
},
{
"db": "PACKETSTORM",
"id": "169349"
},
{
"db": "PACKETSTORM",
"id": "167507"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167501"
},
{
"db": "PACKETSTORM",
"id": "167514"
},
{
"db": "PACKETSTORM",
"id": "177174"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26691",
"trust": 4.1
},
{
"db": "PACKETSTORM",
"id": "167514",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167845",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91198149",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-24-046-11",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011787",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167332",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "167338",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168228",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022053129",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022052626",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022053018",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022072010",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022070643",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060108",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2675",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3977",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2609",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3236",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4149",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167501",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167510",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167507",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "167512",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-417360",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168351",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169349",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "177174",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417360"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "167510"
},
{
"db": "PACKETSTORM",
"id": "169349"
},
{
"db": "PACKETSTORM",
"id": "167507"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167501"
},
{
"db": "PACKETSTORM",
"id": "167514"
},
{
"db": "PACKETSTORM",
"id": "177174"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4149"
},
{
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"id": "VAR-202205-1953",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-417360"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T19:32:01.924000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213184 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html"
},
{
"title": "Apple macOS Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=195379"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4149"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-697",
"trust": 1.0
},
{
"problemtype": "Inappropriate comparison (CWE-697) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-269",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417360"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.debian.org/security/2022/dsa-5149"
},
{
"trust": 1.7,
"url": "https://github.com/openprinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444"
},
{
"trust": 1.7,
"url": "https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0026/mndt-2022-0026.md"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213183"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213184"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht213185"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26691"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26691"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kq6td7f3vritpehfdhzhk7mu6febmz5u/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yqrit4h75xv6m42k7ztarwz7yllyqhpo/"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91198149/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kq6td7f3vritpehfdhzhk7mu6febmz5u/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yqrit4h75xv6m42k7ztarwz7yllyqhpo/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26691/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022052626"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3977"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167332/ubuntu-security-notice-usn-5454-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167845/red-hat-security-advisory-2022-5556-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168228/red-hat-security-advisory-2022-6290-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb20220720108"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cups-privilege-escalation-via-local-authorization-certificate-strings-comparison-38451"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2609"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060108"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167338/ubuntu-security-notice-usn-5454-2.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167514/red-hat-security-advisory-2022-4990-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022053018"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022070643"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2675"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3236"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022053129"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1271"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1271"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3634"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6430"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21698"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5056"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/cups"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5057"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1629"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1621"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:5055"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:4990"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202402-17"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-34241"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-4504"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-32324"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417360"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "167510"
},
{
"db": "PACKETSTORM",
"id": "169349"
},
{
"db": "PACKETSTORM",
"id": "167507"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167501"
},
{
"db": "PACKETSTORM",
"id": "167514"
},
{
"db": "PACKETSTORM",
"id": "177174"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4149"
},
{
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-417360"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"db": "PACKETSTORM",
"id": "168351"
},
{
"db": "PACKETSTORM",
"id": "167510"
},
{
"db": "PACKETSTORM",
"id": "169349"
},
{
"db": "PACKETSTORM",
"id": "167507"
},
{
"db": "PACKETSTORM",
"id": "167845"
},
{
"db": "PACKETSTORM",
"id": "167501"
},
{
"db": "PACKETSTORM",
"id": "167514"
},
{
"db": "PACKETSTORM",
"id": "177174"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4149"
},
{
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-417360"
},
{
"date": "2023-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"date": "2022-09-13T15:41:58",
"db": "PACKETSTORM",
"id": "168351"
},
{
"date": "2022-06-20T00:43:44",
"db": "PACKETSTORM",
"id": "167510"
},
{
"date": "2022-05-28T19:12:00",
"db": "PACKETSTORM",
"id": "169349"
},
{
"date": "2022-06-20T00:37:04",
"db": "PACKETSTORM",
"id": "167507"
},
{
"date": "2022-07-27T17:28:30",
"db": "PACKETSTORM",
"id": "167845"
},
{
"date": "2022-06-20T00:29:28",
"db": "PACKETSTORM",
"id": "167501"
},
{
"date": "2022-06-20T00:46:30",
"db": "PACKETSTORM",
"id": "167514"
},
{
"date": "2024-02-19T14:20:19",
"db": "PACKETSTORM",
"id": "177174"
},
{
"date": "2022-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4149"
},
{
"date": "2022-05-26T18:15:09.340000",
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-417360"
},
{
"date": "2024-02-19T06:47:00",
"db": "JVNDB",
"id": "JVNDB-2022-011787"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-4149"
},
{
"date": "2023-11-07T03:45:07.730000",
"db": "NVD",
"id": "CVE-2022-26691"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "169349"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-4149"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "macOS\u00a0 Improper Comparison Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-011787"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-4149"
}
],
"trust": 0.6
}
}
cve-2023-34241
Vulnerability from cvelistv5
Published
2023-06-22 22:39
Modified
2024-08-02 16:01
Severity
Summary
CUPS vulnerable to use-after-free in cupsdAcceptClient()
References
Impacted products
| Vendor | Product |
|---|---|
| OpenPrinting | cups |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:54.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25"
},
{
"name": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2"
},
{
"name": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/06/23/10"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/06/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213843"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213844"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213845"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cups",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con-\u003ehttp)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-22T22:39:32.400Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25"
},
{
"name": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2"
},
{
"name": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/23/10"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/"
},
{
"url": "https://support.apple.com/kb/HT213843"
},
{
"url": "https://support.apple.com/kb/HT213844"
},
{
"url": "https://support.apple.com/kb/HT213845"
}
],
"source": {
"advisory": "GHSA-qjgh-5hcq-5f25",
"discovery": "UNKNOWN"
},
"title": "CUPS vulnerable to use-after-free in cupsdAcceptClient()"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-34241",
"datePublished": "2023-06-22T22:39:32.400Z",
"dateReserved": "2023-05-31T13:51:51.171Z",
"dateUpdated": "2024-08-02T16:01:54.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-26691
Vulnerability from cvelistv5
Published
2022-05-26 17:47
Modified
2024-08-03 05:11
Severity
Summary
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
References
| URL | Tags |
|---|---|
| https://support.apple.com/en-us/HT213183 | x_refsource_MISC |
| https://support.apple.com/en-us/HT213184 | x_refsource_MISC |
| https://support.apple.com/en-us/HT213185 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2022/dsa-5149 | vendor-advisory, x_refsource_DEBIAN |
| https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/ | vendor-advisory, x_refsource_FEDORA |
| https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:44.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213183"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT213185"
},
{
"name": "[debian-lts-announce] 20220527 [SECURITY] [DLA 3029-1] cups security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html"
},
{
"name": "DSA-5149",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5149"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md"
},
{
"name": "FEDORA-2022-09a89bc265",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444"
},
{
"name": "FEDORA-2022-39e057bc6d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2022",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An application may be able to gain elevated privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-16T03:06:13",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT213183"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT213184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT213185"
},
{
"name": "[debian-lts-announce] 20220527 [SECURITY] [DLA 3029-1] cups security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html"
},
{
"name": "DSA-5149",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5149"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md"
},
{
"name": "FEDORA-2022-09a89bc265",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444"
},
{
"name": "FEDORA-2022-39e057bc6d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2022-26691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "12.3"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "11.6"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2022"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An application may be able to gain elevated privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT213183",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213183"
},
{
"name": "https://support.apple.com/en-us/HT213184",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213184"
},
{
"name": "https://support.apple.com/en-us/HT213185",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT213185"
},
{
"name": "[debian-lts-announce] 20220527 [SECURITY] [DLA 3029-1] cups security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html"
},
{
"name": "DSA-5149",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5149"
},
{
"name": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md",
"refsource": "MISC",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0026/MNDT-2022-0026.md"
},
{
"name": "FEDORA-2022-09a89bc265",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQ6TD7F3VRITPEHFDHZHK7MU6FEBMZ5U/"
},
{
"name": "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444",
"refsource": "MISC",
"url": "https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444"
},
{
"name": "FEDORA-2022-39e057bc6d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YQRIT4H75XV6M42K7ZTARWZ7YLLYQHPO/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2022-26691",
"datePublished": "2022-05-26T17:47:59",
"dateReserved": "2022-03-08T00:00:00",
"dateUpdated": "2024-08-03T05:11:44.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-4504
Vulnerability from cvelistv5
Published
2023-09-21 22:47
Modified
2024-08-02 07:31
Severity
Summary
OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
References
Impacted products
| Vendor | Product |
|---|---|
| OpenPrinting | CUPS |
| OpenPrinting | libppd |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"technical-description",
"third-party-advisory",
"x_transferred"
],
"url": "https://takeonme.org/cves/CVE-2023-4504.html"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h"
},
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CUPS",
"vendor": "OpenPrinting",
"versions": [
{
"lessThan": "2.4.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "libppd",
"vendor": "OpenPrinting",
"versions": [
{
"lessThan": "d09348b",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "zenofex"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "WanderingGlitch"
},
{
"lang": "en",
"type": "coordinator",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Austin Hackers Anonymous!"
}
],
"datePublic": "2023-09-20T12:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": " CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-23T15:02:59.759Z",
"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"shortName": "AHA"
},
"references": [
{
"tags": [
"technical-description",
"third-party-advisory"
],
"url": "https://takeonme.org/cves/CVE-2023-4504.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2GSPQAFK2Z6L57TRXEKZDF42K2EVBH7/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXPVADB56NMLJWG4IZ3OZBNJ2ZOLPQJ6/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43",
"assignerShortName": "AHA",
"cveId": "CVE-2023-4504",
"datePublished": "2023-09-21T22:47:41.879Z",
"dateReserved": "2023-08-23T21:14:04.183Z",
"dateUpdated": "2024-08-02T07:31:05.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-35235
Vulnerability from cvelistv5
Published
2024-06-11 14:13
Modified
2024-08-02 03:07
Severity
Summary
Cupsd Listen arbitrary chmod 0140777
References
Impacted products
| Vendor | Product |
|---|---|
| OpenPrinting | cups |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cups",
"vendor": "openprinting",
"versions": [
{
"lessThanOrEqual": "2.4.8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35235",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T17:02:39.998197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T17:04:30.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f"
},
{
"name": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d"
},
{
"name": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21"
},
{
"name": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/11/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/12/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/06/12/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cups",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.4.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252: Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T14:13:23.771Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f"
},
{
"name": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d"
},
{
"name": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21",
"tags": [
"x_refsource_MISC"
],
"url": "https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21"
},
{
"name": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/11/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/12/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/06/12/5"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00001.html"
}
],
"source": {
"advisory": "GHSA-vvwp-mv6j-hw6f",
"discovery": "UNKNOWN"
},
"title": "Cupsd Listen arbitrary chmod 0140777"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-35235",
"datePublished": "2024-06-11T14:13:23.771Z",
"dateReserved": "2024-05-14T15:39:41.785Z",
"dateUpdated": "2024-08-02T03:07:46.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-32324
Vulnerability from cvelistv5
Published
2023-06-01 16:04
Modified
2024-08-02 15:10
Severity
Summary
OpenPrinting CUPS vulnerable to heap buffer overflow
References
Impacted products
| Vendor | Product |
|---|---|
| OpenPrinting | cups |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "cups",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-01T16:04:10.994Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html"
}
],
"source": {
"advisory": "GHSA-cxc6-w2g7-69p7",
"discovery": "UNKNOWN"
},
"title": "OpenPrinting CUPS vulnerable to heap buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-32324",
"datePublished": "2023-06-01T16:04:10.994Z",
"dateReserved": "2023-05-08T13:26:03.880Z",
"dateUpdated": "2024-08-02T15:10:24.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}