Advisories ยป MGASA-2023-0284

Updated cups packages fix security vulnerabilities

Publication date: 10 Oct 2023
Modification date: 10 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-4504 , CVE-2023-32360

Description

The updated packages fix security vulnerabilities:

It was discovered that CUPS incorrectly authenticated certain remote
requests. A remote attacker could possibly use this issue to obtain
recently printed documents. (CVE-2023-32360)

Due to failure in validating the length provided by an attacker-crafted
PPD PostScript document, CUPS and libppd are susceptible to a heap-based
buffer overflow and possibly code execution. (CVE-2023-4504)
                

References

SRPMS

8/core

9/core