<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>==========================================================================</p>
<div id=":13w" class="a3s aiL ">
Ubuntu Security Notice USN-6844-2<br>
June 28, 2024<br>
<br>
cups regression<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 24.04 LTS<br>
- Ubuntu 23.10<br>
- Ubuntu 22.04 LTS<br>
- Ubuntu 20.04 LTS<br>
- Ubuntu 18.04 LTS<br>
- Ubuntu 16.04 LTS<br>
<br>
Summary:<br>
<br>
USN-6844-1 caused the cupsd daemon to never start<br>
<br>
Software Description:<br>
- cups: Common UNIX Printing System(tm)<br>
<br>
Details:<br>
<br>
USN-6844-1 fixed vulnerabilities in the CUPS package. The update<br>
lead to the discovery of a regression in CUPS with regards to<br>
how the cupsd daemon handles Listen configuration directive. <br>
This update fixes the problem.<br>
<br>
We apologize for the inconvenience.<br>
<br>
Original advisory details:<br>
Rory McNamara discovered that when starting the cupsd server with
a<br>
Listen configuration item, the cupsd process fails to validate if<br>
bind call passed. An attacker could possibly trick cupsd to
perform<br>
an arbitrary chmod of the provided argument, providing
world-writable<br>
access to the target.<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 24.04 LTS<br>
cups 2.4.7-1.2ubuntu7.2<br>
cups-daemon 2.4.7-1.2ubuntu7.2<br>
<br>
Ubuntu 23.10<br>
cups 2.4.6-0ubuntu3.2<br>
cups-daemon 2.4.6-0ubuntu3.2<br>
<br>
Ubuntu 22.04 LTS<br>
cups 2.4.1op1-1ubuntu4.10<br>
cups-daemon 2.4.1op1-1ubuntu4.10<br>
<br>
Ubuntu 20.04 LTS<br>
cups 2.3.1-9ubuntu1.8<br>
cups-daemon 2.3.1-9ubuntu1.8<br>
<br>
Ubuntu 18.04 LTS<br>
cups 2.2.7-1ubuntu2.10+esm5<br>
Available with Ubuntu Pro<br>
cups-daemon 2.2.7-1ubuntu2.10+esm5<br>
Available with Ubuntu Pro<br>
<br>
Ubuntu 16.04 LTS<br>
cups 2.1.3-4ubuntu0.11+esm7<br>
Available with Ubuntu Pro<br>
cups-daemon 2.1.3-4ubuntu0.11+esm7<br>
Available with Ubuntu Pro<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-6844-2"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-6844-2&source=gmail&ust=1719999240550000&usg=AOvVaw3NumnNUPwduGSAoP42BRAo">https://ubuntu.com/security/no<wbr>tices/USN-6844-2</a><br>
<a href="https://ubuntu.com/security/notices/USN-6844-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-6844-1&source=gmail&ust=1719999240550000&usg=AOvVaw0cUSqdQzDS5VjP88D3Mu_e">https://ubuntu.com/security/no<wbr>tices/USN-6844-1</a><br>
<a href="https://launchpad.net/bugs/2070315" rel="noreferrer"
target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/bugs/2070315&source=gmail&ust=1719999240550000&usg=AOvVaw2SCGAxxCoF5BHgMarUEFyY">https://launchpad.net/bugs/207<wbr>0315</a><br>
<br>
Package Information:<br>
<a
href="https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.2"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/cups/2.4.7-1.2ubuntu7.2&source=gmail&ust=1719999240550000&usg=AOvVaw0_usO1K7ga4ohEbQfFFiyQ">https://launchpad.net/ubuntu/+<wbr>source/cups/2.4.7-1.2ubuntu7.2</a><br>
<a
href="https://launchpad.net/ubuntu/+source/cups/2.4.6-0ubuntu3.2"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/cups/2.4.6-0ubuntu3.2&source=gmail&ust=1719999240550000&usg=AOvVaw2azVTgVsnOT0bNEyOEfztk">https://launchpad.net/ubuntu/+<wbr>source/cups/2.4.6-0ubuntu3.2</a><br>
<a
href="https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.10"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/cups/2.4.1op1-1ubuntu4.10&source=gmail&ust=1719999240550000&usg=AOvVaw0Vs15wY-FS59H-iHHLL-WT">https://launchpad.net/ubuntu/+<wbr>source/cups/2.4.1op1-1ubuntu4.<wbr>10</a><br>
<a
href="https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.8"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/cups/2.3.1-9ubuntu1.8&source=gmail&ust=1719999240550000&usg=AOvVaw0RSDPKjwqSTfwzmjqQjxnW">https://launchpad.net/ubuntu/+<wbr>source/cups/2.3.1-9ubuntu1.8</a></div>
</body>
</html>