Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-47076 (GCVE-0-2024-47076)
Vulnerability from cvelistv5 – Published: 2024-09-26 21:18 – Updated: 2025-11-03 22:19
VLAI?
EPSS
Summary
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
Severity ?
8.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OpenPrinting | libcupsfilters |
Affected:
<= 2.1b1
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libcupsfilters",
"vendor": "openprinting",
"versions": [
{
"lessThanOrEqual": "2.1b1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47076",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-28T03:55:45.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:59.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241011-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libcupsfilters",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.1b1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T22:01:09.793Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"
},
{
"name": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"
},
{
"name": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"name": "https://www.cups.org",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cups.org"
},
{
"name": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I"
}
],
"source": {
"advisory": "GHSA-w63j-6g73-wmg5",
"discovery": "UNKNOWN"
},
"title": "libcupsfilters\u0027s cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-47076",
"datePublished": "2024-09-26T21:18:22.067Z",
"dateReserved": "2024-09-17T17:42:37.030Z",
"dateUpdated": "2025-11-03T22:19:59.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.\"}, {\"lang\": \"es\", \"value\": \"CUPS es un sistema de impresi\\u00f3n de c\\u00f3digo abierto basado en est\\u00e1ndares, y `libcupsfilters` contiene el c\\u00f3digo de los filtros del antiguo paquete `cups-filters` como funciones de librer\\u00eda que se utilizar\\u00e1n para las tareas de conversi\\u00f3n de formato de datos necesarias en las aplicaciones de impresora. La funci\\u00f3n `cfGetPrinterAttributes5` en `libcupsfilters` no desinfecta los atributos IPP devueltos desde un servidor IPP. Cuando estos atributos IPP se utilizan, por ejemplo, para generar un archivo PPD, esto puede provocar que se proporcionen datos controlados por un atacante al resto del sistema CUPS.\"}]",
"id": "CVE-2024-47076",
"lastModified": "2024-11-21T09:39:23.823",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}]}",
"published": "2024-09-26T22:15:04.063",
"references": "[{\"url\": \"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.cups.org\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-47076\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-26T22:15:04.063\",\"lastModified\":\"2025-11-03T23:16:12.397\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.\"},{\"lang\":\"es\",\"value\":\"CUPS es un sistema de impresi\u00f3n de c\u00f3digo abierto basado en est\u00e1ndares, y `libcupsfilters` contiene el c\u00f3digo de los filtros del antiguo paquete `cups-filters` como funciones de librer\u00eda que se utilizar\u00e1n para las tareas de conversi\u00f3n de formato de datos necesarias en las aplicaciones de impresora. La funci\u00f3n `cfGetPrinterAttributes5` en `libcupsfilters` no desinfecta los atributos IPP devueltos desde un servidor IPP. Cuando estos atributos IPP se utilizan, por ejemplo, para generar un archivo PPD, esto puede provocar que se proporcionen datos controlados por un atacante al resto del sistema CUPS.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.0\",\"matchCriteriaId\":\"DD3C88C8-8803-4C8C-A4CB-DAB1474BCF79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openprinting:libcupsfilters:2.1:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFD5B4F4-B4E7-4C27-A34B-EFC92A58B124\"}]}]}],\"references\":[{\"url\":\"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.cups.org\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241011-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241011-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T22:19:59.403Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47076\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-27T17:59:05.883824Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*\"], \"vendor\": \"openprinting\", \"product\": \"libcupsfilters\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.1b1\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-27T18:03:19.816Z\"}}], \"cna\": {\"title\": \"libcupsfilters\u0027s cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server\", \"source\": {\"advisory\": \"GHSA-w63j-6g73-wmg5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"OpenPrinting\", \"product\": \"libcupsfilters\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 2.1b1\"}]}], \"references\": [{\"url\": \"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5\", \"name\": \"https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8\", \"name\": \"https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47\", \"name\": \"https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6\", \"name\": \"https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.cups.org\", \"name\": \"https://www.cups.org\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\", \"name\": \"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-26T22:01:09.793Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-47076\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T22:19:59.403Z\", \"dateReserved\": \"2024-09-17T17:42:37.030Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-26T21:18:22.067Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0924
Vulnerability from certfr_avis - Published: 2025-10-24 - Updated: 2025-10-24
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Security QRadar Network Threat | Security QRadar Network Threat Analytics versions antérieures à 1.4.1 | ||
| IBM | Security QRadar Log Management AQL | Greffon Security QRadar Log Management AQL versions antérieures à 1.1.3 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.4.0.x antérieures à 6.4.0.0 iFix02 | ||
| IBM | Spectrum | Spectrum Symphony versions antérieures à 7.3.2 sans le correctif 602717 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix05 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services 6.4.x antérieures à 6.4.0.4 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services 6.3.x antérieures à 6.3.0.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Network Threat Analytics versions ant\u00e9rieures \u00e0 1.4.1",
"product": {
"name": "Security QRadar Network Threat",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Greffon Security QRadar Log Management AQL versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "Security QRadar Log Management AQL",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.0 iFix02",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Symphony versions ant\u00e9rieures \u00e0 7.3.2 sans le correctif 602717",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix05",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-38821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38821"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2023-50314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2025-10-24T00:00:00",
"last_revision_date": "2025-10-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0924",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248583",
"url": "https://www.ibm.com/support/pages/node/7248583"
},
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248935",
"url": "https://www.ibm.com/support/pages/node/7248935"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249065",
"url": "https://www.ibm.com/support/pages/node/7249065"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249063",
"url": "https://www.ibm.com/support/pages/node/7249063"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249064",
"url": "https://www.ibm.com/support/pages/node/7249064"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249062",
"url": "https://www.ibm.com/support/pages/node/7249062"
},
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249013",
"url": "https://www.ibm.com/support/pages/node/7249013"
},
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248293",
"url": "https://www.ibm.com/support/pages/node/7248293"
},
{
"published_at": "2025-10-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248548",
"url": "https://www.ibm.com/support/pages/node/7248548"
}
]
}
CERTFR-2025-AVI-0512
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Db2 | Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4 | ||
| IBM | Db2 Warehouse | Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2025-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-37529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-25642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2024-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-35152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2023-39663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
},
{
"name": "CVE-2024-35136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0512",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
"url": "https://www.ibm.com/support/pages/node/7236500"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
"url": "https://www.ibm.com/support/pages/node/7234674"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
"url": "https://www.ibm.com/support/pages/node/7236354"
}
]
}
CERTFR-2025-AVI-0512
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Db2 | Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4 | ||
| IBM | Db2 Warehouse | Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2025-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-37529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-25642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2024-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-35152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2023-39663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
},
{
"name": "CVE-2024-35136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0512",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
"url": "https://www.ibm.com/support/pages/node/7236500"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
"url": "https://www.ibm.com/support/pages/node/7234674"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
"url": "https://www.ibm.com/support/pages/node/7236354"
}
]
}
CERTFR-2025-AVI-0924
Vulnerability from certfr_avis - Published: 2025-10-24 - Updated: 2025-10-24
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | DB2 Data Management Console versions antérieures à 3.1.13 | ||
| IBM | Security QRadar Network Threat | Security QRadar Network Threat Analytics versions antérieures à 1.4.1 | ||
| IBM | Security QRadar Log Management AQL | Greffon Security QRadar Log Management AQL versions antérieures à 1.1.3 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.4.0.x antérieures à 6.4.0.0 iFix02 | ||
| IBM | Spectrum | Spectrum Symphony versions antérieures à 7.3.2 sans le correctif 602717 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix05 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services 6.4.x antérieures à 6.4.0.4 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services 6.3.x antérieures à 6.3.0.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "DB2 Data Management Console versions ant\u00e9rieures \u00e0 3.1.13",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar Network Threat Analytics versions ant\u00e9rieures \u00e0 1.4.1",
"product": {
"name": "Security QRadar Network Threat",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Greffon Security QRadar Log Management AQL versions ant\u00e9rieures \u00e0 1.1.3",
"product": {
"name": "Security QRadar Log Management AQL",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.0.x ant\u00e9rieures \u00e0 6.4.0.0 iFix02",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Spectrum Symphony versions ant\u00e9rieures \u00e0 7.3.2 sans le correctif 602717",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix05",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2024-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22243"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-22262",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22262"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2025-48068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-30698",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
},
{
"name": "CVE-2024-38821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38821"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-41232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41232"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-2900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2900"
},
{
"name": "CVE-2024-22259",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22259"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2023-50314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
},
{
"name": "CVE-2025-30153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2025-10-24T00:00:00",
"last_revision_date": "2025-10-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0924",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248583",
"url": "https://www.ibm.com/support/pages/node/7248583"
},
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248935",
"url": "https://www.ibm.com/support/pages/node/7248935"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249065",
"url": "https://www.ibm.com/support/pages/node/7249065"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249063",
"url": "https://www.ibm.com/support/pages/node/7249063"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249064",
"url": "https://www.ibm.com/support/pages/node/7249064"
},
{
"published_at": "2025-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249062",
"url": "https://www.ibm.com/support/pages/node/7249062"
},
{
"published_at": "2025-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7249013",
"url": "https://www.ibm.com/support/pages/node/7249013"
},
{
"published_at": "2025-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248293",
"url": "https://www.ibm.com/support/pages/node/7248293"
},
{
"published_at": "2025-10-20",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248548",
"url": "https://www.ibm.com/support/pages/node/7248548"
}
]
}
RHSA-2024_7623
Vulnerability from csaf_redhat - Published: 2024-10-03 11:27 - Updated: 2024-11-24 19:41Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7623",
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7623.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:41:53+00:00",
"generator": {
"date": "2024-11-24T19:41:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7623",
"initial_release_date": "2024-10-03T11:27:46+00:00",
"revision_history": [
{
"date": "2024-10-03T11:27:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-03T11:27:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:41:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.src",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.src",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-03T11:27:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-03T11:27:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-03T11:27:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-03T11:27:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7462
Vulnerability from csaf_redhat - Published: 2024-10-01 18:35 - Updated: 2024-11-24 19:40Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7462",
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7462.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:40:44+00:00",
"generator": {
"date": "2024-11-24T19:40:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7462",
"initial_release_date": "2024-10-01T18:35:00+00:00",
"revision_history": [
{
"date": "2024-10-01T18:35:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-01T18:35:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:40:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.src",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.src",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.src as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.src",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:35:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:35:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:35:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:35:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7623
Vulnerability from csaf_redhat - Published: 2024-10-03 11:27 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7623",
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7623.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:55+00:00",
"generator": {
"date": "2025-11-21T19:13:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7623",
"initial_release_date": "2024-10-03T11:27:46+00:00",
"revision_history": [
{
"date": "2024-10-03T11:27:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-03T11:27:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.src",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.src",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-27.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-27.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-27.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-27.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-27.el8_6.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-03T11:27:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-03T11:27:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-03T11:27:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-03T11:27:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.AUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.E4S:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.aarch64",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.ppc64le",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.s390x",
"AppStream-8.6.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.src",
"AppStream-8.6.0.Z.TUS:cups-filters-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-debugsource-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-0:1.20.0-27.el8_6.3.x86_64",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.i686",
"AppStream-8.6.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-27.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7346
Vulnerability from csaf_redhat - Published: 2024-09-27 20:20 - Updated: 2024-11-24 19:40Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7346",
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7346.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:40:26+00:00",
"generator": {
"date": "2024-11-24T19:40:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7346",
"initial_release_date": "2024-09-27T20:20:45+00:00",
"revision_history": [
{
"date": "2024-09-27T20:20:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-27T20:20:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:40:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.src",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.src",
"product_id": "cups-filters-0:1.28.7-17.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.src as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.src",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-27T20:20:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-27T20:20:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-27T20:20:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-27T20:20:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7461
Vulnerability from csaf_redhat - Published: 2024-10-01 18:26 - Updated: 2024-11-24 19:40Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7461",
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7461.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:40:54+00:00",
"generator": {
"date": "2024-11-24T19:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7461",
"initial_release_date": "2024-10-01T18:26:01+00:00",
"revision_history": [
{
"date": "2024-10-01T18:26:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-01T18:26:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-19.el8_2.2.src",
"product": {
"name": "cups-filters-0:1.20.0-19.el8_2.2.src",
"product_id": "cups-filters-0:1.20.0-19.el8_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-19.el8_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-19.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-19.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-19.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-19.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-19.el8_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"product_id": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-19.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-19.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-19.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-19.el8_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-19.el8_2.2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src"
},
"product_reference": "cups-filters-0:1.20.0-19.el8_2.2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:26:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:26:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:26:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:26:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7463
Vulnerability from csaf_redhat - Published: 2024-10-01 18:38 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7463",
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7463.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:44+00:00",
"generator": {
"date": "2025-11-21T19:13:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7463",
"initial_release_date": "2024-10-01T18:38:16+00:00",
"revision_history": [
{
"date": "2024-10-01T18:38:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-01T18:38:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.src",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.src",
"product_id": "cups-filters-0:1.20.0-35.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.src",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:38:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:38:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:38:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:38:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7503
Vulnerability from csaf_redhat - Published: 2024-10-02 12:00 - Updated: 2024-11-24 19:41Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7503",
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7503.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:41:24+00:00",
"generator": {
"date": "2024-11-24T19:41:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7503",
"initial_release_date": "2024-10-02T12:00:43+00:00",
"revision_history": [
{
"date": "2024-10-02T12:00:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T12:00:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:41:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.src",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.src",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.src",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7504
Vulnerability from csaf_redhat - Published: 2024-10-02 11:38 - Updated: 2024-11-24 19:41Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7504",
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7504.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:41:14+00:00",
"generator": {
"date": "2024-11-24T19:41:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7504",
"initial_release_date": "2024-10-02T11:38:08+00:00",
"revision_history": [
{
"date": "2024-10-02T11:38:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T11:38:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:41:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-24.el8_4.2.src",
"product": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.src",
"product_id": "cups-filters-0:1.20.0-24.el8_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-24.el8_4.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-24.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-24.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-24.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-24.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-24.el8_4.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"product_id": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-24.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-24.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-24.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-24.el8_4.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:38:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:38:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:38:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:38:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7551
Vulnerability from csaf_redhat - Published: 2024-10-02 18:21 - Updated: 2024-11-24 19:41Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7551",
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7551.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:41:42+00:00",
"generator": {
"date": "2024-11-24T19:41:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7551",
"initial_release_date": "2024-10-02T18:21:54+00:00",
"revision_history": [
{
"date": "2024-10-02T18:21:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T18:21:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:41:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-26.el7_7.3.src",
"product": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.src",
"product_id": "cups-filters-0:1.0.35-26.el7_7.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-26.el7_7.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"product": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"product_id": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-26.el7_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"product": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"product_id": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-26.el7_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"product_id": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-26.el7_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"product": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"product_id": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-26.el7_7.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"product": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"product_id": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-26.el7_7.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"product_id": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-26.el7_7.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"product": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"product_id": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-26.el7_7.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src"
},
"product_reference": "cups-filters-0:1.0.35-26.el7_7.3.src",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src"
},
"product_reference": "cups-filters-0:1.0.35-26.el7_7.3.src",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:21:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:21:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:21:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:21:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7346
Vulnerability from csaf_redhat - Published: 2024-09-27 20:20 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7346",
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7346.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:36+00:00",
"generator": {
"date": "2025-11-21T19:13:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7346",
"initial_release_date": "2024-09-27T20:20:45+00:00",
"revision_history": [
{
"date": "2024-09-27T20:20:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-09-27T20:20:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.src",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.src",
"product_id": "cups-filters-0:1.28.7-17.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-17.el9_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"product": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"product_id": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-17.el9_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.src as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.src",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 9)",
"product_id": "CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"relates_to_product_reference": "CRB-9.4.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-27T20:20:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-27T20:20:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-27T20:20:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-09-27T20:20:45+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"AppStream-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.src",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-devel-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-0:1.28.7-17.el9_4.x86_64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.aarch64",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.i686",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.ppc64le",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.s390x",
"CRB-9.4.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.28.7-17.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7506
Vulnerability from csaf_redhat - Published: 2024-10-02 11:35 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7506",
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7506.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:49+00:00",
"generator": {
"date": "2025-11-21T19:13:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7506",
"initial_release_date": "2024-10-02T11:35:03+00:00",
"revision_history": [
{
"date": "2024-10-02T11:35:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T11:35:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.src",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.src",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:35:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:35:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:35:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:35:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7506
Vulnerability from csaf_redhat - Published: 2024-10-02 11:35 - Updated: 2024-11-24 19:41Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7506",
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7506.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:41:04+00:00",
"generator": {
"date": "2024-11-24T19:41:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7506",
"initial_release_date": "2024-10-02T11:35:03+00:00",
"revision_history": [
{
"date": "2024-10-02T11:35:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T11:35:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:41:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.src",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.src",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-10.el9_0.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-10.el9_0.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-10.el9_0.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-10.el9_0.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-10.el9_0.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:35:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:35:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:35:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:35:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.src",
"AppStream-9.0.0.Z.E4S:cups-filters-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debuginfo-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-debugsource-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-0:1.28.7-10.el9_0.2.x86_64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.aarch64",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.i686",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.ppc64le",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.s390x",
"AppStream-9.0.0.Z.E4S:cups-filters-libs-debuginfo-0:1.28.7-10.el9_0.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7463
Vulnerability from csaf_redhat - Published: 2024-10-01 18:38 - Updated: 2024-11-24 19:40Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7463",
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7463.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:40:36+00:00",
"generator": {
"date": "2024-11-24T19:40:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7463",
"initial_release_date": "2024-10-01T18:38:16+00:00",
"revision_history": [
{
"date": "2024-10-01T18:38:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-01T18:38:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:40:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.src",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.src",
"product_id": "cups-filters-0:1.20.0-35.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-35.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"product": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"product_id": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-35.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.src as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.src",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64 as a component of Red Hat Enterprise Linux CRB (v. 8)",
"product_id": "CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"relates_to_product_reference": "CRB-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:38:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:38:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:38:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:38:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.src",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debuginfo-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-debugsource-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-devel-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-0:1.20.0-35.el8_10.x86_64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.aarch64",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.i686",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.ppc64le",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.s390x",
"CRB-8.10.0.Z.MAIN.EUS:cups-filters-libs-debuginfo-0:1.20.0-35.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024_7553
Vulnerability from csaf_redhat - Published: 2024-10-02 18:32 - Updated: 2024-11-24 19:41Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7553",
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7-ELS/html/7-ELS_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7-ELS/html/7-ELS_release_notes/index"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7553.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2024-11-24T19:41:33+00:00",
"generator": {
"date": "2024-11-24T19:41:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7553",
"initial_release_date": "2024-10-02T18:32:49+00:00",
"revision_history": [
{
"date": "2024-10-02T18:32:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T18:32:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-24T19:41:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.src",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.src",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.src as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.src",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:32:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:32:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:32:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:32:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7504
Vulnerability from csaf_redhat - Published: 2024-10-02 11:38 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7504",
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7504.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:49+00:00",
"generator": {
"date": "2025-11-21T19:13:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7504",
"initial_release_date": "2024-10-02T11:38:08+00:00",
"revision_history": [
{
"date": "2024-10-02T11:38:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T11:38:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-24.el8_4.2.src",
"product": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.src",
"product_id": "cups-filters-0:1.20.0-24.el8_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-24.el8_4.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-24.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-24.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-24.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-24.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-24.el8_4.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"product_id": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-24.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-24.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-24.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-24.el8_4.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-24.el8_4.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:38:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:38:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:38:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T11:38:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.AUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.E4S:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.ppc64le",
"AppStream-8.4.0.Z.E4S:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.src",
"AppStream-8.4.0.Z.TUS:cups-filters-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debuginfo-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-debugsource-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-0:1.20.0-24.el8_4.2.x86_64",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.i686",
"AppStream-8.4.0.Z.TUS:cups-filters-libs-debuginfo-0:1.20.0-24.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7551
Vulnerability from csaf_redhat - Published: 2024-10-02 18:21 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7551",
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7551.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:50+00:00",
"generator": {
"date": "2025-11-21T19:13:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7551",
"initial_release_date": "2024-10-02T18:21:54+00:00",
"revision_history": [
{
"date": "2024-10-02T18:21:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T18:21:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:7.7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-26.el7_7.3.src",
"product": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.src",
"product_id": "cups-filters-0:1.0.35-26.el7_7.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-26.el7_7.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"product": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"product_id": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-26.el7_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"product": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"product_id": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-26.el7_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"product_id": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-26.el7_7.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"product": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"product_id": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-26.el7_7.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"product": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"product_id": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-26.el7_7.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"product_id": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-26.el7_7.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"product": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"product_id": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-26.el7_7.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.src as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src"
},
"product_reference": "cups-filters-0:1.0.35-26.el7_7.3.src",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server AUS (v. 7.7)",
"product_id": "7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.src as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src"
},
"product_reference": "cups-filters-0:1.0.35-26.el7_7.3.src",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686"
},
"product_reference": "cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional AUS (v. 7.7)",
"product_id": "7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"relates_to_product_reference": "7Server-optional-7.7.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:21:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:21:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:21:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:21:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.src",
"7Server-optional-7.7.AUS:cups-filters-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-debuginfo-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-devel-0:1.0.35-26.el7_7.3.x86_64",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.i686",
"7Server-optional-7.7.AUS:cups-filters-libs-0:1.0.35-26.el7_7.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7503
Vulnerability from csaf_redhat - Published: 2024-10-02 12:00 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7503",
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7503.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:48+00:00",
"generator": {
"date": "2025-11-21T19:13:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7503",
"initial_release_date": "2024-10-02T12:00:43+00:00",
"revision_history": [
{
"date": "2024-10-02T12:00:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T12:00:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.2::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"product": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"product_id": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.28.7-11.el9_2.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.28.7-11.el9_2.2.src",
"product": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.src",
"product_id": "cups-filters-0:1.28.7-11.el9_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.28.7-11.el9_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)",
"product_id": "AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.src as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.src",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.9.2)",
"product_id": "CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"relates_to_product_reference": "CRB-9.2.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"AppStream-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"AppStream-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.src",
"CRB-9.2.0.Z.EUS:cups-filters-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debuginfo-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-debugsource-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-devel-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-0:1.28.7-11.el9_2.2.x86_64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.aarch64",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.i686",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.ppc64le",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.s390x",
"CRB-9.2.0.Z.EUS:cups-filters-libs-debuginfo-0:1.28.7-11.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7462
Vulnerability from csaf_redhat - Published: 2024-10-01 18:35 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7462",
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7462.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:44+00:00",
"generator": {
"date": "2025-11-21T19:13:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7462",
"initial_release_date": "2024-10-01T18:35:00+00:00",
"revision_history": [
{
"date": "2024-10-01T18:35:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-01T18:35:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product": {
"name": "Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::crb"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.src",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.src",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-29.el8_8.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"product": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"product_id": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.20.0-29.el8_8.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.src as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.src",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64 as a component of Red Hat CodeReady Linux Builder EUS (v.8.8)",
"product_id": "CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"relates_to_product_reference": "CRB-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:35:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:35:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:35:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:35:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"AppStream-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"AppStream-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.src",
"CRB-8.8.0.Z.EUS:cups-filters-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debuginfo-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-debugsource-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-devel-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-0:1.20.0-29.el8_8.3.x86_64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.aarch64",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.i686",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.ppc64le",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.s390x",
"CRB-8.8.0.Z.EUS:cups-filters-libs-debuginfo-0:1.20.0-29.el8_8.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7553
Vulnerability from csaf_redhat - Published: 2024-10-02 18:32 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source (CVE-2024-47176)
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file (CVE-2024-47175)
* cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack (CVE-2024-47850)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source (CVE-2024-47176)\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file (CVE-2024-47175)\n\n* cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack (CVE-2024-47850)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7553",
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7553.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:51+00:00",
"generator": {
"date": "2025-11-21T19:13:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7553",
"initial_release_date": "2024-10-02T18:32:49+00:00",
"revision_history": [
{
"date": "2024-10-02T18:32:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-01-13T16:00:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.src",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.src",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"product": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"product_id": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.0.35-29.el7_9.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"product": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"product_id": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.0.35-29.el7_9.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"product": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"product_id": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.0.35-29.el7_9.3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"product": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"product_id": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-devel@1.0.35-29.el7_9.3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.src as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.src",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"relates_to_product_reference": "7Server-optional-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"product_id": "7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
},
"product_reference": "cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"relates_to_product_reference": "7Server-optional-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:32:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:32:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:32:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T18:32:49+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.src",
"7Server-optional-ELS:cups-filters-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-debuginfo-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-devel-0:1.0.35-29.el7_9.3.x86_64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.i686",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.ppc64le",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.s390x",
"7Server-optional-ELS:cups-filters-libs-0:1.0.35-29.el7_9.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
RHSA-2024:7461
Vulnerability from csaf_redhat - Published: 2024-10-01 18:26 - Updated: 2025-11-21 19:13Summary
Red Hat Security Advisory: cups-filters security update
Notes
Topic
An update for cups-filters is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently.
Security Fix(es):
* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()
* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)
* cups: libppd: remote command injection via attacker controlled data in PPD file ()
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for cups-filters is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The cups-filters package contains back ends, filters, and other software that was once part of the core Common UNIX Printing System (CUPS) distribution but is now maintained independently. \n\nSecurity Fix(es):\n\n* cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source ()\n\n* cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes (CVE-2024-47076)\n\n* cups: libppd: remote command injection via attacker controlled data in PPD file ()\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7461",
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7461.json"
}
],
"title": "Red Hat Security Advisory: cups-filters security update",
"tracking": {
"current_release_date": "2025-11-21T19:13:44+00:00",
"generator": {
"date": "2025-11-21T19:13:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2024:7461",
"initial_release_date": "2024-10-01T18:26:01+00:00",
"revision_history": [
{
"date": "2024-10-01T18:26:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-01T18:26:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T19:13:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-19.el8_2.2.src",
"product": {
"name": "cups-filters-0:1.20.0-19.el8_2.2.src",
"product_id": "cups-filters-0:1.20.0-19.el8_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-19.el8_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters@1.20.0-19.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-19.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-19.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-19.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-19.el8_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"product": {
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"product_id": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs@1.20.0-19.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"product": {
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"product_id": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debugsource@1.20.0-19.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product": {
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product_id": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-debuginfo@1.20.0-19.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product_id": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/cups-filters-libs-debuginfo@1.20.0-19.el8_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-19.el8_2.2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src"
},
"product_reference": "cups-filters-0:1.20.0-19.el8_2.2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686"
},
"product_reference": "cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
},
"product_reference": "cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-09-23T16:47:10.408000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314253"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "RHBZ#2314253",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:26:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes"
},
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2024-09-23T16:57:36.269000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314256"
}
],
"notes": [
{
"category": "description",
"text": "A security vulnerability was found in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nThe ppdCreatePPDFromIPP2 function in libppd doesn\u0027t properly check or clean IPP attributes before writing them to a temporary PPD file. This means that a remote attacker, who has control of or has hijacked an exposed printer (through UPD or mDNS), could send a harmful IPP attribute and potentially insert malicious commands into the PPD file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: libppd: remote command injection via attacker controlled data in PPD file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "RHCOS and RHEL include libs-cups as a build-time dependency. However, the vulnerability is not exploitable with just the client libraries unless a print server based on OpenPrinting is actively running.\n\nRHEL and RHCOS does not have cups-browsed enabled by default so the impact for those are set to \u0027Low\u0027",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "RHBZ#2314256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314256"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:26:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: libppd: remote command injection via attacker controlled data in PPD file"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-940",
"name": "Improper Verification of Source of a Communication Channel"
},
"discovery_date": "2024-09-23T16:37:23.865000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314252"
}
],
"notes": [
{
"category": "description",
"text": "A security issue has been identified in OpenPrinting CUPS.\n\nThe function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description (PPD) file based on attributes retrieved from an Internet Printing Protocol (IPP) response. Essentially, it takes printer information, usually obtained via IPP, and creates a corresponding PPD file that describes the printer\u0027s capabilities (such as supported media sizes, resolutions, color modes, etc.).\n\nPPD files are used by printing systems like CUPS (Common Unix Printing System) to communicate with and configure printers. They provide a standardized format that allows different printers to work with the printing system in a consistent way.\n\nA security issue was discovered in OpenPrinting CUPS. The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements trough AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it which can leak potentially sensitive system information to an attacker via the User-Agent header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The cups-browsed service is disabled by default on all versions of RHEL.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "RHBZ#2314252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314252"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
}
],
"release_date": "2024-09-26T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:26:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source"
},
{
"cve": "CVE-2024-47850",
"discovery_date": "2024-10-04T05:00:52.670668+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2316417"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cups-browsed. This vulnerability allows an attacker to launch DDoS amplification attacks via an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "CVE-2024-47850 is resolved by the same fixes released for the related CVE-2024-47176.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "RHBZ#2316417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316417"
},
{
"category": "external",
"summary": "RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47850"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47850"
},
{
"category": "external",
"summary": "https://github.com/OpenPrinting/cups",
"url": "https://github.com/OpenPrinting/cups"
},
{
"category": "external",
"summary": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat",
"url": "https://www.akamai.com/blog/security-research/october-cups-ddos-threat"
}
],
"release_date": "2024-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-01T18:26:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "workaround",
"details": "See the security bulletin for a detailed mitigation procedure.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.src",
"AppStream-8.2.0.Z.AUS:cups-filters-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debuginfo-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-debugsource-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-0:1.20.0-19.el8_2.2.x86_64",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.i686",
"AppStream-8.2.0.Z.AUS:cups-filters-libs-debuginfo-0:1.20.0-19.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack"
}
]
}
NCSC-2024-0384
Vulnerability from csaf_ncscnl - Published: 2024-09-27 08:45 - Updated: 2024-10-02 08:45Summary
Kwetsbaarheden ontdekt in CUPS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Onlangs zijn er door een onderzoeker een aantal kwetsbaarheden ontdekt in CUPS die kunnen leiden tot Remote Code Execution. Deze zijn bekend gemaakt als "9.9 RCE affecting all GNU/Unix systems".
Interpretaties
Door een aaneenschakeling van de vier kwetsbaarheden, kan een kwaadwillende onder bepaalde omstandigheden willekeurige code uitvoeren binnen de context van de CUPS-service.
Oplossingen
Er zijn op dit moment nog geen patches beschikbaar om de kwetsbaarheden te verhelpen in CUPS versies lager dan 2.0.1.
Tot het moment dat de updates beschikbaar komen is het handelingsperspectief om de cups-browse daemon uit te schakelen.
Tevens is het raadzaam om te controleren of CUPS onbereikbaar is vanaf publieke netwerken. Controleer of verkeer van en naar UDP poort 631 wordt geblokkeerd. Hiermee wordt het risico van misbruik vanaf publieke netwerken verminderd.
**UPDATE**
Er zijn patches beschikbaar gesteld om de kwetsbaarheden te verhelpen. Deze zijn doorgevoerd in de distributies van GNU/Linux systemen.
Kans
medium
Schade
high
CWE-1327
Binding to an Unrestricted IP Address
CWE-940
Improper Verification of Source of a Communication Channel
CWE-749
Exposed Dangerous Method or Function
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-20
Improper Input Validation
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Onlangs zijn er door een onderzoeker een aantal kwetsbaarheden ontdekt in CUPS die kunnen leiden tot Remote Code Execution. Deze zijn bekend gemaakt als \"9.9 RCE affecting all GNU/Unix systems\".",
"title": "Feiten"
},
{
"category": "description",
"text": "Door een aaneenschakeling van de vier kwetsbaarheden, kan een kwaadwillende onder bepaalde omstandigheden willekeurige code uitvoeren binnen de context van de CUPS-service.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Er zijn op dit moment nog geen patches beschikbaar om de kwetsbaarheden te verhelpen in CUPS versies lager dan 2.0.1.\n\nTot het moment dat de updates beschikbaar komen is het handelingsperspectief om de cups-browse daemon uit te schakelen.\n\nTevens is het raadzaam om te controleren of CUPS onbereikbaar is vanaf publieke netwerken. Controleer of verkeer van en naar UDP poort 631 wordt geblokkeerd. Hiermee wordt het risico van misbruik vanaf publieke netwerken verminderd.\n\n**UPDATE**\nEr zijn patches beschikbaar gesteld om de kwetsbaarheden te verhelpen. Deze zijn doorgevoerd in de distributies van GNU/Linux systemen.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Binding to an Unrestricted IP Address",
"title": "CWE-1327"
},
{
"category": "general",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
},
{
"category": "general",
"text": "Exposed Dangerous Method or Function",
"title": "CWE-749"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - redhat",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47076"
},
{
"category": "external",
"summary": "Reference - redhat",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47175"
},
{
"category": "external",
"summary": "Reference - redhat",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47176"
},
{
"category": "external",
"summary": "Reference - redhat",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47177"
}
],
"title": "Kwetsbaarheden ontdekt in CUPS",
"tracking": {
"current_release_date": "2024-10-02T08:45:09.718543Z",
"id": "NCSC-2024-0384",
"initial_release_date": "2024-09-27T08:45:53.798141Z",
"revision_history": [
{
"date": "2024-09-27T08:45:53.798141Z",
"number": "0",
"summary": "Initiele versie"
},
{
"date": "2024-10-02T08:45:09.718543Z",
"number": "1",
"summary": "New revision"
}
],
"status": "final",
"version": "1.0.1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cups-browsed",
"product": {
"name": "cups-browsed",
"product_id": "CSAFPID-1656667",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openprinting:cups-browsed:2.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cups-browsed",
"product": {
"name": "cups-browsed",
"product_id": "CSAFPID-1656629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openprinting:cups-browsed:__2.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cups-filters",
"product": {
"name": "cups-filters",
"product_id": "CSAFPID-1656665",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openprinting:cups-filters:2.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cups-filters",
"product": {
"name": "cups-filters",
"product_id": "CSAFPID-1657010",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openprinting:cups-filters:2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "cups-filters",
"product": {
"name": "cups-filters",
"product_id": "CSAFPID-1656651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openprinting:cups-filters:___2.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "libcupsfilters",
"product": {
"name": "libcupsfilters",
"product_id": "CSAFPID-1656666",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openprinting:libcupsfilters:2.1b1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "libcupsfilters",
"product": {
"name": "libcupsfilters",
"product_id": "CSAFPID-1656627",
"product_identification_helper": {
"cpe": "cpe:2.3:a:openprinting:libcupsfilters:___2.1b1:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "openprinting"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47175",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-47175",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47175.json"
}
],
"title": "CVE-2024-47175"
},
{
"cve": "CVE-2024-47176",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Exposed Dangerous Method or Function",
"title": "CWE-749"
},
{
"category": "other",
"text": "Binding to an Unrestricted IP Address",
"title": "CWE-1327"
},
{
"category": "other",
"text": "Improper Verification of Source of a Communication Channel",
"title": "CWE-940"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1656629"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47176",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47176.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1656629"
]
}
],
"title": "CVE-2024-47176"
},
{
"cve": "CVE-2024-47177",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1656651"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47177",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47177.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1656651"
]
}
],
"title": "CVE-2024-47177"
},
{
"cve": "CVE-2024-47076",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1656627"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47076",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47076.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1656627"
]
}
],
"title": "CVE-2024-47076"
}
]
}
WID-SEC-W-2024-2240
Vulnerability from csaf_certbund - Published: 2024-09-26 22:00 - Updated: 2025-01-12 23:00Summary
CUPS: Mehrere Schwachstellen ermöglichen Ausführung von beliebigem Programmcode
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
CUPS (Common Unix Printing System) ist ein Printspooler, der es lokalen und entfernten Benutzern ermöglicht, Druckfunktionen über das Internet Printing Protocol (IPP) zu nutzen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in CUPS ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuführen und um Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CUPS (Common Unix Printing System) ist ein Printspooler, der es lokalen und entfernten Benutzern erm\u00f6glicht, Druckfunktionen \u00fcber das Internet Printing Protocol (IPP) zu nutzen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in CUPS ausnutzen, um beliebigen Programmcode mit den Rechten des Dienstes auszuf\u00fchren und um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2240 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2240.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2240 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2240"
},
{
"category": "external",
"summary": "Evil Socket - Attacking UNIX Systems via CUPS vom 2024-09-26",
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"
},
{
"category": "external",
"summary": "GitHub Gist - CUPS disclosure vom 2024-09-26",
"url": "https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1"
},
{
"category": "external",
"summary": "Red Hat Security Bulletin RHSB-2024-002 vom 2024-09-26",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-rj88-6mr5-rcw8 vom 2024-09-26",
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w63j-6g73-wmg5 vom 2024-09-26",
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-7xfx-47qg-grp6 vom 2024-09-26",
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-p9rh-jxmq-gq47 vom 2024-09-26",
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"
},
{
"category": "external",
"summary": "PoC",
"url": "https://github.com/RickdeJager/cupshax"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-01127974EC vom 2024-09-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-01127974ec"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7045-1 vom 2024-09-26",
"url": "https://ubuntu.com/security/notices/USN-7045-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7044-1 vom 2024-09-26",
"url": "https://ubuntu.com/security/notices/USN-7044-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7043-1 vom 2024-09-26",
"url": "https://ubuntu.com/security/notices/USN-7043-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7042-1 vom 2024-09-26",
"url": "https://ubuntu.com/security/notices/USN-7042-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7041-1 vom 2024-09-26",
"url": "https://ubuntu.com/security/notices/USN-7041-1"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-CF6AB63871 vom 2024-09-26",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-cf6ab63871"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3905 vom 2024-09-29",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3904 vom 2024-09-29",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00047.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7346 vom 2024-09-27",
"url": "https://access.redhat.com/errata/RHSA-2024:7346"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5779 vom 2024-09-29",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00192.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5778 vom 2024-09-29",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00191.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7171730 vom 2024-09-30",
"url": "https://www.ibm.com/support/pages/node/7171730"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:7346 vom 2024-09-30",
"url": "https://errata.build.resf.org/RLSA-2024:7346"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7346 vom 2024-09-30",
"url": "https://linux.oracle.com/errata/ELSA-2024-7346.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7041-2 vom 2024-10-01",
"url": "https://ubuntu.com/security/notices/USN-7041-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7461 vom 2024-10-01",
"url": "https://access.redhat.com/errata/RHSA-2024:7461"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7462 vom 2024-10-01",
"url": "https://access.redhat.com/errata/RHSA-2024:7462"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7463 vom 2024-10-01",
"url": "https://access.redhat.com/errata/RHSA-2024:7463"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7043-2 vom 2024-10-01",
"url": "https://ubuntu.com/security/notices/USN-7043-2"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7553 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7553"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7504 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7504"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7503 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7503"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7506 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7506"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7623 vom 2024-10-03",
"url": "https://access.redhat.com/errata/RHSA-2024:7623"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7463 vom 2024-10-02",
"url": "http://linux.oracle.com/errata/ELSA-2024-7463.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7551 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7551"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3523-1 vom 2024-10-04",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/53P3ZI4CMCGA6USMZJILJTM3YJC3QERY/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7041-3 vom 2024-10-07",
"url": "https://ubuntu.com/security/notices/USN-7041-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7043-3 vom 2024-10-07",
"url": "https://ubuntu.com/security/notices/USN-7043-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7043-4 vom 2024-10-09",
"url": "https://ubuntu.com/security/notices/USN-7042-2"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7043-4 vom 2024-10-09",
"url": "https://ubuntu.com/security/notices/USN-7043-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3570-1 vom 2024-10-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019581.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3711-1 vom 2024-10-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019654.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7042-3 vom 2024-10-21",
"url": "https://ubuntu.com/security/notices/USN-7042-3"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:7463 vom 2024-10-25",
"url": "https://errata.build.resf.org/RLSA-2024:7463"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2024-19 vom 2024-10-31",
"url": "https://kb.igel.com/security-safety/current/isn-2024-19-cups-vulnerabilities"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2656 vom 2024-11-01",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2656.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:3863-1 vom 2024-11-01",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/JUIJY4Q67AEFHXIYBPNGXZAXSLJ6JFKF/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9470 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9470"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-7553 vom 2024-11-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-7553.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-9470 vom 2024-11-21",
"url": "https://linux.oracle.com/errata/ELSA-2024-9470.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:0083 vom 2025-01-08",
"url": "https://access.redhat.com/errata/RHSA-2025:0083"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-0083 vom 2025-01-11",
"url": "http://linux.oracle.com/errata/ELSA-2025-0083.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:0083 vom 2025-01-11",
"url": "https://errata.build.resf.org/RLSA-2025:0083"
}
],
"source_lang": "en-US",
"title": "CUPS: Mehrere Schwachstellen erm\u00f6glichen Ausf\u00fchrung von beliebigem Programmcode",
"tracking": {
"current_release_date": "2025-01-12T23:00:00.000+00:00",
"generator": {
"date": "2025-01-13T09:09:07.410+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.10"
}
},
"id": "WID-SEC-W-2024-2240",
"initial_release_date": "2024-09-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-09-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian und Red Hat aufgenommen"
},
{
"date": "2024-09-30T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM, Rocky Enterprise Software Foundation und Oracle Linux aufgenommen"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-10-06T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
},
{
"date": "2024-10-17T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-10-21T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-10-27T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-10-31T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von IGEL und Amazon aufgenommen"
},
{
"date": "2024-11-03T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-13T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-20T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-01-07T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Oracle Linux und Rocky Enterprise Software Foundation aufgenommen"
}
],
"status": "final",
"version": "17"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Certified Container",
"product": {
"name": "IBM App Connect Enterprise Certified Container",
"product_id": "T037907",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "11",
"product": {
"name": "IGEL OS 11",
"product_id": "T030282",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:11"
}
}
},
{
"category": "product_version",
"name": "12",
"product": {
"name": "IGEL OS 12",
"product_id": "T030283",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:12"
}
}
}
],
"category": "product_name",
"name": "OS"
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.0.1",
"product": {
"name": "Open Source CUPS \u003c=2.0.1",
"product_id": "825896"
}
},
{
"category": "product_version_range",
"name": "\u003c=2.0.1",
"product": {
"name": "Open Source CUPS \u003c=2.0.1",
"product_id": "825896-fixed"
}
}
],
"category": "product_name",
"name": "CUPS"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in mehreren Komponenten des CUPS-Drucksystems. Wenn \"cups-browsed\" einen Drucker entdeckt (\u00fcber UDP-Port 631 oder DNS-Diensterkennung/mDNS), stellt es eine Verbindung zum IPP-Server her, der in der Anzeige angegeben ist, und ruft dessen Eigenschaften ab. In dieser Anfrage wird die verwendete Kernel-Version von \"cups-browsed\" gegen\u00fcber dem IPP-Server offengelegt. Diese Information kann f\u00fcr einen Angreifer in nachgelagerten Angriffen n\u00fctzlich sein. Das IPP-Attribut \"printer-privacy-policy-uri\" wird in \"libcupsfilters\", \"libppd\" und \"cups-filters\" nicht ordnungsgem\u00e4\u00df bez\u00fcglich sch\u00e4dlicher Befehle im Parameter \"FoomaticRIPCommandLine\" bereinigt. Ein von einem Angreifer kontrollierter IPP-Server kann dies ausnutzen, um in seiner Antwort beliebige URIs und Shell-Befehle zur\u00fcckzugeben, wodurch das betroffene System diese URL l\u00e4dt und den Befehl ausf\u00fchrt, sobald ein Druckauftrag gestartet wird. Ein anonymer Angreifer kann diese Schwachstellen in Kombination ausnutzen, um beliebigen Code auf dem Zielhost als \"lp\"-Benutzer auszuf\u00fchren und um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T030282",
"T004914",
"T037907",
"T030283",
"T032255",
"74185"
],
"last_affected": [
"825896"
]
},
"release_date": "2024-09-26T22:00:00.000+00:00",
"title": "CVE-2024-47076"
},
{
"cve": "CVE-2024-47175",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in mehreren Komponenten des CUPS-Drucksystems. Wenn \"cups-browsed\" einen Drucker entdeckt (\u00fcber UDP-Port 631 oder DNS-Diensterkennung/mDNS), stellt es eine Verbindung zum IPP-Server her, der in der Anzeige angegeben ist, und ruft dessen Eigenschaften ab. In dieser Anfrage wird die verwendete Kernel-Version von \"cups-browsed\" gegen\u00fcber dem IPP-Server offengelegt. Diese Information kann f\u00fcr einen Angreifer in nachgelagerten Angriffen n\u00fctzlich sein. Das IPP-Attribut \"printer-privacy-policy-uri\" wird in \"libcupsfilters\", \"libppd\" und \"cups-filters\" nicht ordnungsgem\u00e4\u00df bez\u00fcglich sch\u00e4dlicher Befehle im Parameter \"FoomaticRIPCommandLine\" bereinigt. Ein von einem Angreifer kontrollierter IPP-Server kann dies ausnutzen, um in seiner Antwort beliebige URIs und Shell-Befehle zur\u00fcckzugeben, wodurch das betroffene System diese URL l\u00e4dt und den Befehl ausf\u00fchrt, sobald ein Druckauftrag gestartet wird. Ein anonymer Angreifer kann diese Schwachstellen in Kombination ausnutzen, um beliebigen Code auf dem Zielhost als \"lp\"-Benutzer auszuf\u00fchren und um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T030282",
"T004914",
"T037907",
"T030283",
"T032255",
"74185"
],
"last_affected": [
"825896"
]
},
"release_date": "2024-09-26T22:00:00.000+00:00",
"title": "CVE-2024-47175"
},
{
"cve": "CVE-2024-47176",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in mehreren Komponenten des CUPS-Drucksystems. Wenn \"cups-browsed\" einen Drucker entdeckt (\u00fcber UDP-Port 631 oder DNS-Diensterkennung/mDNS), stellt es eine Verbindung zum IPP-Server her, der in der Anzeige angegeben ist, und ruft dessen Eigenschaften ab. In dieser Anfrage wird die verwendete Kernel-Version von \"cups-browsed\" gegen\u00fcber dem IPP-Server offengelegt. Diese Information kann f\u00fcr einen Angreifer in nachgelagerten Angriffen n\u00fctzlich sein. Das IPP-Attribut \"printer-privacy-policy-uri\" wird in \"libcupsfilters\", \"libppd\" und \"cups-filters\" nicht ordnungsgem\u00e4\u00df bez\u00fcglich sch\u00e4dlicher Befehle im Parameter \"FoomaticRIPCommandLine\" bereinigt. Ein von einem Angreifer kontrollierter IPP-Server kann dies ausnutzen, um in seiner Antwort beliebige URIs und Shell-Befehle zur\u00fcckzugeben, wodurch das betroffene System diese URL l\u00e4dt und den Befehl ausf\u00fchrt, sobald ein Druckauftrag gestartet wird. Ein anonymer Angreifer kann diese Schwachstellen in Kombination ausnutzen, um beliebigen Code auf dem Zielhost als \"lp\"-Benutzer auszuf\u00fchren und um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T030282",
"T004914",
"T037907",
"T030283",
"T032255",
"74185"
],
"last_affected": [
"825896"
]
},
"release_date": "2024-09-26T22:00:00.000+00:00",
"title": "CVE-2024-47176"
},
{
"cve": "CVE-2024-47177",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen in mehreren Komponenten des CUPS-Drucksystems. Wenn \"cups-browsed\" einen Drucker entdeckt (\u00fcber UDP-Port 631 oder DNS-Diensterkennung/mDNS), stellt es eine Verbindung zum IPP-Server her, der in der Anzeige angegeben ist, und ruft dessen Eigenschaften ab. In dieser Anfrage wird die verwendete Kernel-Version von \"cups-browsed\" gegen\u00fcber dem IPP-Server offengelegt. Diese Information kann f\u00fcr einen Angreifer in nachgelagerten Angriffen n\u00fctzlich sein. Das IPP-Attribut \"printer-privacy-policy-uri\" wird in \"libcupsfilters\", \"libppd\" und \"cups-filters\" nicht ordnungsgem\u00e4\u00df bez\u00fcglich sch\u00e4dlicher Befehle im Parameter \"FoomaticRIPCommandLine\" bereinigt. Ein von einem Angreifer kontrollierter IPP-Server kann dies ausnutzen, um in seiner Antwort beliebige URIs und Shell-Befehle zur\u00fcckzugeben, wodurch das betroffene System diese URL l\u00e4dt und den Befehl ausf\u00fchrt, sobald ein Druckauftrag gestartet wird. Ein anonymer Angreifer kann diese Schwachstellen in Kombination ausnutzen, um beliebigen Code auf dem Zielhost als \"lp\"-Benutzer auszuf\u00fchren und um Informationen offenzulegen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T030282",
"T004914",
"T037907",
"T030283",
"T032255",
"74185"
],
"last_affected": [
"825896"
]
},
"release_date": "2024-09-26T22:00:00.000+00:00",
"title": "CVE-2024-47177"
}
]
}
SUSE-SU-2024:3863-1
Vulnerability from csaf_suse - Published: 2024-11-01 15:04 - Updated: 2024-11-01 15:04Summary
Security update for cups-filters
Notes
Title of the patch
Security update for cups-filters
Description of the patch
This update for cups-filters fixes the following issues:
- CVE-2024-47850: cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294)
- CVE-2024-47076: Fixed lack of input sanitization in cfGetPrinterAttributes5 (bsc#1230937).
Patchnames
SUSE-2024-3863,SUSE-SLE-Module-Basesystem-15-SP5-2024-3863,SUSE-SLE-Module-Basesystem-15-SP6-2024-3863,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3863,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3863,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3863,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3863,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3863,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3863,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3863,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3863,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3863,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3863,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3863,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3863,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3863,SUSE-Storage-7.1-2024-3863,openSUSE-SLE-15.5-2024-3863,openSUSE-SLE-15.6-2024-3863
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cups-filters",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cups-filters fixes the following issues:\n\n- CVE-2024-47850: cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294)\n- CVE-2024-47076: Fixed lack of input sanitization in cfGetPrinterAttributes5 (bsc#1230937).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3863,SUSE-SLE-Module-Basesystem-15-SP5-2024-3863,SUSE-SLE-Module-Basesystem-15-SP6-2024-3863,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3863,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3863,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3863,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3863,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3863,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3863,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3863,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3863,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3863,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3863,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3863,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3863,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3863,SUSE-Storage-7.1-2024-3863,openSUSE-SLE-15.5-2024-3863,openSUSE-SLE-15.6-2024-3863",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3863-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3863-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243863-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3863-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019765.html"
},
{
"category": "self",
"summary": "SUSE Bug 1230937",
"url": "https://bugzilla.suse.com/1230937"
},
{
"category": "self",
"summary": "SUSE Bug 1231294",
"url": "https://bugzilla.suse.com/1231294"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47850 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47850/"
}
],
"title": "Security update for cups-filters",
"tracking": {
"current_release_date": "2024-11-01T15:04:49Z",
"generator": {
"date": "2024-11-01T15:04:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3863-1",
"initial_release_date": "2024-11-01T15:04:49Z",
"revision_history": [
{
"date": "2024-11-01T15:04:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"product": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"product_id": "cups-filters-1.25.0-150200.3.19.2.aarch64"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"product": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"product_id": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.25.0-150200.3.19.2.i586",
"product": {
"name": "cups-filters-1.25.0-150200.3.19.2.i586",
"product_id": "cups-filters-1.25.0-150200.3.19.2.i586"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.25.0-150200.3.19.2.i586",
"product": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.i586",
"product_id": "cups-filters-devel-1.25.0-150200.3.19.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"product": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"product_id": "cups-filters-1.25.0-150200.3.19.2.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"product": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"product_id": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.25.0-150200.3.19.2.s390x",
"product": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x",
"product_id": "cups-filters-1.25.0-150200.3.19.2.s390x"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"product": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"product_id": "cups-filters-devel-1.25.0-150200.3.19.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"product": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"product_id": "cups-filters-1.25.0-150200.3.19.2.x86_64"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"product": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"product_id": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.25.0-150200.3.19.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.s390x"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
},
"product_reference": "cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47076"
}
],
"notes": [
{
"category": "general",
"text": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47076",
"url": "https://www.suse.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "SUSE Bug 1230932 for CVE-2024-47076",
"url": "https://bugzilla.suse.com/1230932"
},
{
"category": "external",
"summary": "SUSE Bug 1230937 for CVE-2024-47076",
"url": "https://bugzilla.suse.com/1230937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-01T15:04:49Z",
"details": "important"
}
],
"title": "CVE-2024-47076"
},
{
"cve": "CVE-2024-47850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47850"
}
],
"notes": [
{
"category": "general",
"text": "CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47850",
"url": "https://www.suse.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "SUSE Bug 1231294 for CVE-2024-47850",
"url": "https://bugzilla.suse.com/1231294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Enterprise Storage 7.1:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Proxy 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-1.25.0-150200.3.19.2.x86_64",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"SUSE Manager Server 4.3:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.5:cups-filters-devel-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-1.25.0-150200.3.19.2.x86_64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.aarch64",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.ppc64le",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.s390x",
"openSUSE Leap 15.6:cups-filters-devel-1.25.0-150200.3.19.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-01T15:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2024-47850"
}
]
}
FKIE_CVE-2024-47076
Vulnerability from fkie_nvd - Published: 2024-09-26 22:15 - Updated: 2025-11-03 23:16
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Summary
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openprinting | libcupsfilters | * | |
| openprinting | libcupsfilters | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3C88C8-8803-4C8C-A4CB-DAB1474BCF79",
"versionEndIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openprinting:libcupsfilters:2.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "BFD5B4F4-B4E7-4C27-A34B-EFC92A58B124",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system."
},
{
"lang": "es",
"value": "CUPS es un sistema de impresi\u00f3n de c\u00f3digo abierto basado en est\u00e1ndares, y `libcupsfilters` contiene el c\u00f3digo de los filtros del antiguo paquete `cups-filters` como funciones de librer\u00eda que se utilizar\u00e1n para las tareas de conversi\u00f3n de formato de datos necesarias en las aplicaciones de impresora. La funci\u00f3n `cfGetPrinterAttributes5` en `libcupsfilters` no desinfecta los atributos IPP devueltos desde un servidor IPP. Cuando estos atributos IPP se utilizan, por ejemplo, para generar un archivo PPD, esto puede provocar que se proporcionen datos controlados por un atacante al resto del sistema CUPS."
}
],
"id": "CVE-2024-47076",
"lastModified": "2025-11-03T23:16:12.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-26T22:15:04.063",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"
},
{
"source": "security-advisories@github.com",
"tags": [
"Not Applicable"
],
"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://www.cups.org"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241011-0001/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2024-ALE-012
Vulnerability from certfr_alerte - Published: - Updated:
[Mise à jour du 10 octobre 2024]
Le 28 septembre 2024, Elastic Security Labs a publié des règles de détection au format propriétaire de l'éditeur (cf. section Documentation), qui sont confirmées par les analyses du CERT-FR pour la détection des attaques connues.
[Publication initiale]
De multiples vulnérabilités ont été découvertes dans OpenPrinting CUPS et dans le composant cups-browsed. Celui-ci permet notamment de découvrir automatiquement des imprimantes partagées sur le réseau.
Au total, quatre vulnérabilités ont été identifiées. Elles permettent :
- de récupérer des informations sur le système d'information de la victime;
- d'ajouter automatiquement sur le système une nouvelle imprimante, voire de remplacer une imprimante existante;
- d'exécuter du code arbitraire à distance, lorsque l'utilisateur lance une tâche d'impression sur l'imprimante ajoutée précédemment.
Le CERT-FR a connaissance de codes d'exploitation publics mais pas encore de cas d'exploitation active.
Solutions
[Mise à jour du 01 octobre 2024]
Des correctifs sont disponibles pour certaines distributions. (cf. section Documentation)
Mesures de contournement
[Mise à jour du 01 octobre 2024]
Pour les distributions n'ayant pas de correctif disponible, le CERT-FR recommande :
- de désactiver le service cups-browsed si celui-ci est installé. Les commandes suivantes permettent par exemple d'arrêter puis de désactiver le service pour les systèmes utilisant systemd :
sudo systemctl stop cups-browsed sudo systemctl disable cups-browsed
- si la désactivation du service n'est pas envisageable, il est possible de modifier le fichier de configuration de cups-browsed, généralement situé dans
/etc/cups/cups-browsed.confen remplaçant la ligneBrowseRemoteProtocols dnssd cupsparBrowseRemoteProtocols none; - de limiter l'accès au port 631 sur UDP et plus généralement de mettre en place des mécanismes de filtrage réseau utilisant des listes d'autorisation.
En l'état des connaissances actuelles, si le service cups-browsed est inaccessible, l'attaquant ne peut pas ajouter une imprimante malveillante à l'insu de l'utilisateur, ce qui bloque la chaîne d'exploitation.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| OpenPrinting | cups-browsed | OpenPrinting cups-browsed toutes versions | ||
| OpenPrinting | libcupsfilters | OpenPrinting libcupsfilters toutes versions | ||
| OpenPrinting | libppd | OpenPrinting libppd toutes versions | ||
| OpenPrinting | cups-filter | OpenPrinting cups-filter toutes versions |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenPrinting cups-browsed toutes versions",
"product": {
"name": "cups-browsed",
"vendor": {
"name": "OpenPrinting",
"scada": false
}
}
},
{
"description": "OpenPrinting libcupsfilters toutes versions",
"product": {
"name": "libcupsfilters",
"vendor": {
"name": "OpenPrinting",
"scada": false
}
}
},
{
"description": "OpenPrinting libppd toutes versions",
"product": {
"name": "libppd",
"vendor": {
"name": "OpenPrinting",
"scada": false
}
}
},
{
"description": "OpenPrinting cups-filter toutes versions",
"product": {
"name": "cups-filter",
"vendor": {
"name": "OpenPrinting",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2024-11-21",
"content": "## Solutions\n\n\u003cspan class=\"important-content\"\u003e**[Mise \u00e0 jour du 01 octobre 2024]**\u003c/span\u003e\n\nDes correctifs sont disponibles pour certaines distributions. (cf. section Documentation)\n\n## Mesures de contournement\n\n\u003cspan class=\"important-content\"\u003e**[Mise \u00e0 jour du 01 octobre 2024]**\u003c/span\u003e\n\n\u003cspan class=\"important-content\"\u003ePour les distributions n\u0027ayant pas de correctif disponible\u003c/span\u003e, le CERT-FR recommande\u00a0:\n\u003cul\u003e\n \t\u003cli\u003ede d\u00e9sactiver le service cups-browsed si celui-ci est install\u00e9. Les commandes suivantes permettent par exemple d\u0027arr\u00eater puis de d\u00e9sactiver le service pour les syst\u00e8mes utilisant systemd : \u003cbr\u003e\u003cpre\u003esudo systemctl stop cups-browsed\nsudo systemctl disable cups-browsed \u003c/pre\u003e\u003c/li\u003e\n\t\u003cli\u003esi la d\u00e9sactivation du service n\u0027est pas envisageable, il est possible de modifier le fichier de configuration de cups-browsed, g\u00e9n\u00e9ralement situ\u00e9 dans \u003ccode\u003e/etc/cups/cups-browsed.conf\u003c/code\u003e en rempla\u00e7ant la ligne \u003ccode\u003eBrowseRemoteProtocols dnssd cups\u003c/code\u003e par \u003ccode\u003eBrowseRemoteProtocols none\u003c/code\u003e;\u003c/li\u003e\n \t\u003cli\u003ede limiter l\u0027acc\u00e8s au port 631 sur UDP et plus g\u00e9n\u00e9ralement de mettre en place des m\u00e9canismes de filtrage r\u00e9seau utilisant des listes d\u0027autorisation.\u003c/li\u003e\n\t\u003c/ul\u003e\nEn l\u0027\u00e9tat des connaissances actuelles, si le service cups-browsed est inaccessible, l\u0027attaquant ne peut pas ajouter une imprimante malveillante \u00e0 l\u0027insu de l\u0027utilisateur, ce qui bloque la cha\u00eene d\u0027exploitation.\n",
"cves": [
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7043-1",
"url": "https://ubuntu.com/security/notices/USN-7043-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7042-1",
"url": "https://ubuntu.com/security/notices/USN-7042-1"
},
{
"title": "Billet de blogue Elastic Security Labs du 28 septembre 2024",
"url": "https://www.elastic.co/security-labs/cups-overflow"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DLA-3905-1",
"url": "https://security-tracker.debian.org/tracker/DLA-3905-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5778-1",
"url": "https://security-tracker.debian.org/tracker/DSA-5778-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"title": "Base de connaissance SUSE 000021571",
"url": "https://www.suse.com/support/kb/doc/?id=000021571"
}
],
"reference": "CERTFR-2024-ALE-012",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-27T00:00:00.000000"
},
{
"description": "Ajout de publications d\u0027avis \u00e9diteur",
"revision_date": "2024-10-01T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2024-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "\u003cspan class=\"important-content\"\u003e**[Mise \u00e0 jour du 10 octobre 2024]**\u003c/span\u003e\n\nLe 28 septembre 2024, Elastic Security Labs a publi\u00e9 des r\u00e8gles de d\u00e9tection au format propri\u00e9taire de l\u0027\u00e9diteur (cf. section Documentation), qui sont confirm\u00e9es par les analyses du CERT-FR pour la d\u00e9tection des attaques connues.\n\n**[Publication initiale]**\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenPrinting CUPS et dans le composant cups-browsed. Celui-ci permet notamment de d\u00e9couvrir automatiquement des imprimantes partag\u00e9es sur le r\u00e9seau. \n\n\n\nAu total, quatre vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es. Elles permettent : \n\n- de r\u00e9cup\u00e9rer des informations sur le syst\u00e8me d\u0027information de la victime;\n- d\u0027ajouter automatiquement sur le syst\u00e8me une nouvelle imprimante, voire de remplacer une imprimante existante;\n- d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance, lorsque l\u0027utilisateur lance une t\u00e2che d\u0027impression sur l\u0027imprimante ajout\u00e9e pr\u00e9c\u00e9demment.\n\n\n Le CERT-FR a connaissance de codes d\u0027exploitation publics mais pas encore de cas d\u0027exploitation active.",
"title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9s affectant OpenPrinting CUPS",
"vendor_advisories": []
}
CERTFR-2024-ALE-012
Vulnerability from certfr_alerte - Published: - Updated:
[Mise à jour du 10 octobre 2024]
Le 28 septembre 2024, Elastic Security Labs a publié des règles de détection au format propriétaire de l'éditeur (cf. section Documentation), qui sont confirmées par les analyses du CERT-FR pour la détection des attaques connues.
[Publication initiale]
De multiples vulnérabilités ont été découvertes dans OpenPrinting CUPS et dans le composant cups-browsed. Celui-ci permet notamment de découvrir automatiquement des imprimantes partagées sur le réseau.
Au total, quatre vulnérabilités ont été identifiées. Elles permettent :
- de récupérer des informations sur le système d'information de la victime;
- d'ajouter automatiquement sur le système une nouvelle imprimante, voire de remplacer une imprimante existante;
- d'exécuter du code arbitraire à distance, lorsque l'utilisateur lance une tâche d'impression sur l'imprimante ajoutée précédemment.
Le CERT-FR a connaissance de codes d'exploitation publics mais pas encore de cas d'exploitation active.
Solutions
[Mise à jour du 01 octobre 2024]
Des correctifs sont disponibles pour certaines distributions. (cf. section Documentation)
Mesures de contournement
[Mise à jour du 01 octobre 2024]
Pour les distributions n'ayant pas de correctif disponible, le CERT-FR recommande :
- de désactiver le service cups-browsed si celui-ci est installé. Les commandes suivantes permettent par exemple d'arrêter puis de désactiver le service pour les systèmes utilisant systemd :
sudo systemctl stop cups-browsed sudo systemctl disable cups-browsed
- si la désactivation du service n'est pas envisageable, il est possible de modifier le fichier de configuration de cups-browsed, généralement situé dans
/etc/cups/cups-browsed.confen remplaçant la ligneBrowseRemoteProtocols dnssd cupsparBrowseRemoteProtocols none; - de limiter l'accès au port 631 sur UDP et plus généralement de mettre en place des mécanismes de filtrage réseau utilisant des listes d'autorisation.
En l'état des connaissances actuelles, si le service cups-browsed est inaccessible, l'attaquant ne peut pas ajouter une imprimante malveillante à l'insu de l'utilisateur, ce qui bloque la chaîne d'exploitation.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| OpenPrinting | cups-browsed | OpenPrinting cups-browsed toutes versions | ||
| OpenPrinting | libcupsfilters | OpenPrinting libcupsfilters toutes versions | ||
| OpenPrinting | libppd | OpenPrinting libppd toutes versions | ||
| OpenPrinting | cups-filter | OpenPrinting cups-filter toutes versions |
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenPrinting cups-browsed toutes versions",
"product": {
"name": "cups-browsed",
"vendor": {
"name": "OpenPrinting",
"scada": false
}
}
},
{
"description": "OpenPrinting libcupsfilters toutes versions",
"product": {
"name": "libcupsfilters",
"vendor": {
"name": "OpenPrinting",
"scada": false
}
}
},
{
"description": "OpenPrinting libppd toutes versions",
"product": {
"name": "libppd",
"vendor": {
"name": "OpenPrinting",
"scada": false
}
}
},
{
"description": "OpenPrinting cups-filter toutes versions",
"product": {
"name": "cups-filter",
"vendor": {
"name": "OpenPrinting",
"scada": false
}
}
}
],
"affected_systems_content": "",
"closed_at": "2024-11-21",
"content": "## Solutions\n\n\u003cspan class=\"important-content\"\u003e**[Mise \u00e0 jour du 01 octobre 2024]**\u003c/span\u003e\n\nDes correctifs sont disponibles pour certaines distributions. (cf. section Documentation)\n\n## Mesures de contournement\n\n\u003cspan class=\"important-content\"\u003e**[Mise \u00e0 jour du 01 octobre 2024]**\u003c/span\u003e\n\n\u003cspan class=\"important-content\"\u003ePour les distributions n\u0027ayant pas de correctif disponible\u003c/span\u003e, le CERT-FR recommande\u00a0:\n\u003cul\u003e\n \t\u003cli\u003ede d\u00e9sactiver le service cups-browsed si celui-ci est install\u00e9. Les commandes suivantes permettent par exemple d\u0027arr\u00eater puis de d\u00e9sactiver le service pour les syst\u00e8mes utilisant systemd : \u003cbr\u003e\u003cpre\u003esudo systemctl stop cups-browsed\nsudo systemctl disable cups-browsed \u003c/pre\u003e\u003c/li\u003e\n\t\u003cli\u003esi la d\u00e9sactivation du service n\u0027est pas envisageable, il est possible de modifier le fichier de configuration de cups-browsed, g\u00e9n\u00e9ralement situ\u00e9 dans \u003ccode\u003e/etc/cups/cups-browsed.conf\u003c/code\u003e en rempla\u00e7ant la ligne \u003ccode\u003eBrowseRemoteProtocols dnssd cups\u003c/code\u003e par \u003ccode\u003eBrowseRemoteProtocols none\u003c/code\u003e;\u003c/li\u003e\n \t\u003cli\u003ede limiter l\u0027acc\u00e8s au port 631 sur UDP et plus g\u00e9n\u00e9ralement de mettre en place des m\u00e9canismes de filtrage r\u00e9seau utilisant des listes d\u0027autorisation.\u003c/li\u003e\n\t\u003c/ul\u003e\nEn l\u0027\u00e9tat des connaissances actuelles, si le service cups-browsed est inaccessible, l\u0027attaquant ne peut pas ajouter une imprimante malveillante \u00e0 l\u0027insu de l\u0027utilisateur, ce qui bloque la cha\u00eene d\u0027exploitation.\n",
"cves": [
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7043-1",
"url": "https://ubuntu.com/security/notices/USN-7043-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7042-1",
"url": "https://ubuntu.com/security/notices/USN-7042-1"
},
{
"title": "Billet de blogue Elastic Security Labs du 28 septembre 2024",
"url": "https://www.elastic.co/security-labs/cups-overflow"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DLA-3905-1",
"url": "https://security-tracker.debian.org/tracker/DLA-3905-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-5778-1",
"url": "https://security-tracker.debian.org/tracker/DSA-5778-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSB-2024-002",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2024-002"
},
{
"title": "Base de connaissance SUSE 000021571",
"url": "https://www.suse.com/support/kb/doc/?id=000021571"
}
],
"reference": "CERTFR-2024-ALE-012",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-27T00:00:00.000000"
},
{
"description": "Ajout de publications d\u0027avis \u00e9diteur",
"revision_date": "2024-10-01T00:00:00.000000"
},
{
"description": "Cl\u00f4ture de l\u0027alerte. Cela ne signifie pas la fin d\u0027une menace. Seule l\u0027application de la mise \u00e0 jour permet de vous pr\u00e9munir contre l\u0027exploitation de la vuln\u00e9rabilit\u00e9 correspondante.",
"revision_date": "2024-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "\u003cspan class=\"important-content\"\u003e**[Mise \u00e0 jour du 10 octobre 2024]**\u003c/span\u003e\n\nLe 28 septembre 2024, Elastic Security Labs a publi\u00e9 des r\u00e8gles de d\u00e9tection au format propri\u00e9taire de l\u0027\u00e9diteur (cf. section Documentation), qui sont confirm\u00e9es par les analyses du CERT-FR pour la d\u00e9tection des attaques connues.\n\n**[Publication initiale]**\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenPrinting CUPS et dans le composant cups-browsed. Celui-ci permet notamment de d\u00e9couvrir automatiquement des imprimantes partag\u00e9es sur le r\u00e9seau. \n\n\n\nAu total, quatre vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es. Elles permettent : \n\n- de r\u00e9cup\u00e9rer des informations sur le syst\u00e8me d\u0027information de la victime;\n- d\u0027ajouter automatiquement sur le syst\u00e8me une nouvelle imprimante, voire de remplacer une imprimante existante;\n- d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance, lorsque l\u0027utilisateur lance une t\u00e2che d\u0027impression sur l\u0027imprimante ajout\u00e9e pr\u00e9c\u00e9demment.\n\n\n Le CERT-FR a connaissance de codes d\u0027exploitation publics mais pas encore de cas d\u0027exploitation active.",
"title": "[M\u00e0J] Vuln\u00e9rabilit\u00e9s affectant OpenPrinting CUPS",
"vendor_advisories": []
}
OPENSUSE-SU-2025:15563-1
Vulnerability from csaf_opensuse - Published: 2025-09-18 00:00 - Updated: 2025-09-18 00:00Summary
cups-filters-1.28.17-5.1 on GA media
Notes
Title of the patch
cups-filters-1.28.17-5.1 on GA media
Description of the patch
These are all security issues fixed in the cups-filters-1.28.17-5.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15563
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cups-filters-1.28.17-5.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cups-filters-1.28.17-5.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15563",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15563-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47076 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47175 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47175/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-47850 page",
"url": "https://www.suse.com/security/cve/CVE-2024-47850/"
}
],
"title": "cups-filters-1.28.17-5.1 on GA media",
"tracking": {
"current_release_date": "2025-09-18T00:00:00Z",
"generator": {
"date": "2025-09-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15563-1",
"initial_release_date": "2025-09-18T00:00:00Z",
"revision_history": [
{
"date": "2025-09-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.28.17-5.1.aarch64",
"product": {
"name": "cups-filters-1.28.17-5.1.aarch64",
"product_id": "cups-filters-1.28.17-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.28.17-5.1.aarch64",
"product": {
"name": "cups-filters-devel-1.28.17-5.1.aarch64",
"product_id": "cups-filters-devel-1.28.17-5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.28.17-5.1.ppc64le",
"product": {
"name": "cups-filters-1.28.17-5.1.ppc64le",
"product_id": "cups-filters-1.28.17-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.28.17-5.1.ppc64le",
"product": {
"name": "cups-filters-devel-1.28.17-5.1.ppc64le",
"product_id": "cups-filters-devel-1.28.17-5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.28.17-5.1.s390x",
"product": {
"name": "cups-filters-1.28.17-5.1.s390x",
"product_id": "cups-filters-1.28.17-5.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.28.17-5.1.s390x",
"product": {
"name": "cups-filters-devel-1.28.17-5.1.s390x",
"product_id": "cups-filters-devel-1.28.17-5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-filters-1.28.17-5.1.x86_64",
"product": {
"name": "cups-filters-1.28.17-5.1.x86_64",
"product_id": "cups-filters-1.28.17-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-filters-devel-1.28.17-5.1.x86_64",
"product": {
"name": "cups-filters-devel-1.28.17-5.1.x86_64",
"product_id": "cups-filters-devel-1.28.17-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.28.17-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64"
},
"product_reference": "cups-filters-1.28.17-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.28.17-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le"
},
"product_reference": "cups-filters-1.28.17-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.28.17-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x"
},
"product_reference": "cups-filters-1.28.17-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-1.28.17-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64"
},
"product_reference": "cups-filters-1.28.17-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.28.17-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64"
},
"product_reference": "cups-filters-devel-1.28.17-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.28.17-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le"
},
"product_reference": "cups-filters-devel-1.28.17-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.28.17-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x"
},
"product_reference": "cups-filters-devel-1.28.17-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-filters-devel-1.28.17-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
},
"product_reference": "cups-filters-devel-1.28.17-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47076"
}
],
"notes": [
{
"category": "general",
"text": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47076",
"url": "https://www.suse.com/security/cve/CVE-2024-47076"
},
{
"category": "external",
"summary": "SUSE Bug 1230932 for CVE-2024-47076",
"url": "https://bugzilla.suse.com/1230932"
},
{
"category": "external",
"summary": "SUSE Bug 1230937 for CVE-2024-47076",
"url": "https://bugzilla.suse.com/1230937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47076"
},
{
"cve": "CVE-2024-47175",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47175"
}
],
"notes": [
{
"category": "general",
"text": "CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47175",
"url": "https://www.suse.com/security/cve/CVE-2024-47175"
},
{
"category": "external",
"summary": "SUSE Bug 1230932 for CVE-2024-47175",
"url": "https://bugzilla.suse.com/1230932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47175"
},
{
"cve": "CVE-2024-47176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47176"
}
],
"notes": [
{
"category": "general",
"text": "CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47176",
"url": "https://www.suse.com/security/cve/CVE-2024-47176"
},
{
"category": "external",
"summary": "SUSE Bug 1230932 for CVE-2024-47176",
"url": "https://bugzilla.suse.com/1230932"
},
{
"category": "external",
"summary": "SUSE Bug 1230939 for CVE-2024-47176",
"url": "https://bugzilla.suse.com/1230939"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-47176"
},
{
"cve": "CVE-2024-47850",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-47850"
}
],
"notes": [
{
"category": "general",
"text": "CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-47850",
"url": "https://www.suse.com/security/cve/CVE-2024-47850"
},
{
"category": "external",
"summary": "SUSE Bug 1231294 for CVE-2024-47850",
"url": "https://bugzilla.suse.com/1231294"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-1.28.17-5.1.x86_64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.aarch64",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.ppc64le",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.s390x",
"openSUSE Tumbleweed:cups-filters-devel-1.28.17-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-47850"
}
]
}
CNVD-2024-39405
Vulnerability from cnvd - Published: 2024-09-27
VLAI Severity ?
Title
CUPS libcupsfilters输入验证错误漏洞
Description
CUPS是一个基于标准的开源打印系统。
CUPS libcupsfilters存在输入验证错误漏洞,攻击者可利用该漏洞绕过安全限制,添加恶意打印机或直接劫持现有打印机。
Severity
高
Patch Name
CUPS libcupsfilters输入验证错误漏洞的补丁
Patch Description
CUPS是一个基于标准的开源打印系统。
CUPS libcupsfilters存在输入验证错误漏洞,攻击者可利用该漏洞绕过安全限制,添加恶意打印机或直接劫持现有打印机。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.cups.org/
Reference
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
Impacted products
| Name | CUPS libcupsfilters <=2.1b1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-47076"
}
},
"description": "CUPS\u662f\u4e00\u4e2a\u57fa\u4e8e\u6807\u51c6\u7684\u5f00\u6e90\u6253\u5370\u7cfb\u7edf\u3002\n\nCUPS libcupsfilters\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6dfb\u52a0\u6076\u610f\u6253\u5370\u673a\u6216\u76f4\u63a5\u52ab\u6301\u73b0\u6709\u6253\u5370\u673a\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.cups.org/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-39405",
"openTime": "2024-09-27",
"patchDescription": "CUPS\u662f\u4e00\u4e2a\u57fa\u4e8e\u6807\u51c6\u7684\u5f00\u6e90\u6253\u5370\u7cfb\u7edf\u3002\r\n\r\nCUPS libcupsfilters\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u5b89\u5168\u9650\u5236\uff0c\u6dfb\u52a0\u6076\u610f\u6253\u5370\u673a\u6216\u76f4\u63a5\u52ab\u6301\u73b0\u6709\u6253\u5370\u673a\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "CUPS libcupsfilters\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "CUPS libcupsfilters \u003c=2.1b1"
},
"referenceLink": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",
"serverity": "\u9ad8",
"submitTime": "2024-09-27",
"title": "CUPS libcupsfilters\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…