Advisories » MGASA-2024-0227

Updated cups packages fix security vulnerability

Publication date: 17 Jun 2024
Modification date: 17 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-35235

Description

When starting the cupsd server with a Listen configuration item pointing
to a symbolic link, the cupsd process can be caused to perform an
arbitrary chmod of the provided argument, providing world-writable
access to the target.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33293
• https://www.openwall.com/lists/oss-security/2024/06/11/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35235

SRPMS

9/core

• cups-2.4.6-1.2.mga9