rpms/cups-browsed
6
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source

Browse Source 
Resolves: RHEL-60309
This commit is contained in:
Zdenek Dohnal 2024-10-15 16:54:12 +02:00
parent 4eca7304d4
commit 0330160936
2 changed files with 2404 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2390
0001-Removed-support-for-legacy-CUPS-browsing-and-for-LDA.patch Normal file
View File

File diff suppressed because it is too large Load Diff

15
cups-browsed.spec
View File

@ -10,7 +10,7 @@
Name: cups-browsed Name: cups-browsed
Epoch: 1 Epoch: 1
Version: 2.0.0 Version: 2.0.0
Release: 6%{?dist} Release: 7%{?dist}
Summary: Daemon for local auto-installation of remote printers Summary: Daemon for local auto-installation of remote printers
# the CUPS exception text is the same as LLVM exception, so using that name with # the CUPS exception text is the same as LLVM exception, so using that name with
# agreement from legal team # agreement from legal team
@ -30,6 +30,8 @@ Patch003: browsed-goto-fail.patch
# https://github.com/OpenPrinting/cups-browsed/pull/32 # https://github.com/OpenPrinting/cups-browsed/pull/32
# https://github.com/OpenPrinting/cups-browsed/pull/33 # https://github.com/OpenPrinting/cups-browsed/pull/33
Patch04: browsed-ignore-NULL-attrs.patch Patch04: browsed-ignore-NULL-attrs.patch
# CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
Patch05: 0001-Removed-support-for-legacy-CUPS-browsing-and-for-LDA.patch
# remove once CentOS Stream 10 is released, cups-browsed # remove once CentOS Stream 10 is released, cups-browsed
@ -160,6 +162,14 @@ do
fi fi
done done
# Set BrowseRemoteProtocols to none in light of CVE-2024-47176
if ! grep -Fxq "# added by post scriptlet" %{_sysconfdir}/cups/cups-browsed.conf
then
cp %{_sysconfdir}/cups/cups-browsed.conf %{_sysconfdir}/cups/cups-browsed.conf.rpmsave
sed -i "s/^\s*BrowseRemoteProtocols.*/# added by post scriptlet\nBrowseRemoteProtocols none/" %{_sysconfdir}/cups/cups-browsed.conf
fi
%preun %preun
%systemd_preun cups-browsed.service %systemd_preun cups-browsed.service
@ -216,6 +226,9 @@ fi
%changelog %changelog
* Tue Oct 15 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-7
- CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
* Tue Aug 06 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-6 * Tue Aug 06 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1:2.0.0-6
- RHEL-51349 Cups browsing with 'Autoclustering on' cannot find printer clusters for HA due incorrect orientation-requested-default - RHEL-51349 Cups browsing with 'Autoclustering on' cannot find printer clusters for HA due incorrect orientation-requested-default