From acdd4f091b16a7632b4dc93df9edbd6fff2d2fcb Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal
Date: Tue, 1 Oct 2024 13:39:15 +0200
Subject: [PATCH] CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
Resolves: RHEL-60317
---
 cups-filters.spec | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/cups-filters.spec b/cups-filters.spec
index 63f809b..ddb3dd3 100644
--- a/cups-filters.spec
+++ b/cups-filters.spec
@@ -228,6 +228,7 @@ The package provides filters and cups-brf backend needed for braille printing.
 %else
 --disable-braille \
 %endif
+ --with-browseremoteprotocols=none\
 --with-remote-cups-local-queue-naming=RemoteName
 %make_build
@@ -281,6 +282,14 @@ do
 fi
 done
+# Set BrowseRemoteProtocols to none in light of CVE-2024-47176
+if ! grep -Fxq "# added by post scriptlet" %{_sysconfdir}/cups/cups-browsed.conf
+then
+ cp %{_sysconfdir}/cups/cups-browsed.conf %{_sysconfdir}/cups/cups-browsed.conf.rpmsave
+ sed -i "s/^\s*BrowseRemoteProtocols.*/# added by post scriptlet\nBrowseRemoteProtocols none/" %{_sysconfdir}/cups/cups-browsed.conf
+fi
+
+
 %preun
 %systemd_preun cups-browsed.service
@@ -448,6 +457,7 @@ fi
 * Tue Oct 01 2024 Zdenek Dohnal - 1.28.7-18
 - CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file
 - CVE-2024-47076 cups-filters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes
+- CVE-2024-47176 cups-filters: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
 * Tue Aug 06 2024 Zdenek Dohnal - 1.28.7-17
 - RHEL-46785 - fix errors during installability tests about modified cups-browsed.conf
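Review bot: The added configure argument ends in `none\` with no space before the continuation backslash, unlike the neighbouring `--disable-braille \`. The shell deletes the backslash-newline pair outright, so the flag stays separate from `--with-remote-cups-local-queue-naming=RemoteName` only while that next line begins with whitespace (presumably it does; the page has collapsed the indentation). Writing it as `--with-browseremoteprotocols=none \` removes that dependency and matches the surrounding lines. The argument list starts above the hunk.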
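Review bot: In the added %post block the `# added by post scriptlet` marker is written only by the `sed` substitution, so a cups-browsed.conf with no uncommented `BrowseRemoteProtocols` line never receives it; the `cp` then repeats on every package update and silently replaces any `cups-browsed.conf.rpmsave` already present, a suffix RPM itself uses for saved config files. I would run the block only when there is something to rewrite, by prefixing the condition with `grep -Eq '^[[:space:]]*BrowseRemoteProtocols' %{_sysconfdir}/cups/cups-browsed.conf &&`, and copy with `cp -p` so the backup keeps the original mode and timestamps. A comment such as `# configs without an explicit directive rely on the build-time default (none)` would tell the next maintainer why untouched files are still covered. The %post scriptlet starts above the hunk, so it is not visible here whether cups-browsed is restarted after the rewrite; until it is, a running daemon presumably keeps its old setting and its UDP 631 listener, which is worth confirming.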