CVE-2024-47076 cups-filters: cfGetPrinterAttributes API does not perform sanitization on returned IPP attributes

Resolves: RHEL-60330

0001-cfGetPrinterAttributes5-Validate-response-attributes.patch

@@ -0,0 +1,19 @@
+diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
+index 2c3b740..6b2b784 100644
+--- a/cupsfilters/ipp.c
++++ b/cupsfilters/ipp.c
+@@ -377,6 +377,14 @@ get_printer_attributes5(http_t *http_printer,
+ 		     total_attrs);
+ 	ippDelete(response);
+       } else {
++
++	// Check if the response is valid
++	if (!ippValidateAttributes(response))
++	{
++	  ippDelete(response);
++	  response = NULL;
++	}
++
+ 	/* Suitable response, we are done */
+ 	if (have_http == 0) httpClose(http_printer);
+ 	if (uri) free(uri);

cups-filters.spec

@@ -46,6 +46,8 @@ Patch05: 0001-Use-description-location-from-server-if-available-ot.patch
 Patch06: browsed-ignore-NULL-attrs.patch
 # CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file
 Patch07: cups-filters-CVE-2024-47175.patch
+# CVE-2024-47076 cups-filters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes
+Patch08: 0001-cfGetPrinterAttributes5-Validate-response-attributes.patch
 
 
 # autogen.sh
@@ -445,6 +447,7 @@ fi
 %changelog
 * Tue Oct 01 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.7-18
 - CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file
+- CVE-2024-47076 cups-filters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes
 
 * Tue Aug 06 2024 Zdenek Dohnal <zdohnal@redhat.com> - 1.28.7-17
 - RHEL-46785 - fix errors during installability tests about modified cups-browsed.conf