-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2023.3133
cups security update
2 June 2023
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           cups
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-32324

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html

Comment: CVSS (Max):  5.9 CVE-2023-32324 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: SUSE
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-3440-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
June 01, 2023                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : cups
Version        : 2.2.10-6+deb10u7
CVE ID         : CVE-2023-32324

An issue has been found in cups, the Common UNIX Printing System.
Due to a buffer overflow vulnerability in the function format_log_line(),
a remote attacker could cause a denial-of-service (DoS). The vulnerability
can be triggered when the configuration file cupsd.conf sets the value of
"loglevel" to "DEBUG".

For Debian 10 buster, this problem has been fixed in version
2.2.10-6+deb10u7.

We recommend that you upgrade your cups packages.

For the detailed security status of cups please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cups

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----
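
An added example, not part of the AusCERT bulletin or the Debian advisory: a shell triage for the two conditions the advisory names, a cups version older than 2.2.10-6+deb10u7 on Debian 10 and debug-level logging in cupsd.conf. The function names, the /etc/cups/cupsd.conf default path, last-directive-wins parsing, the treatment of debug2 and the sample config and older version string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage a Debian 10 (buster) host for DLA-3440-1 / CVE-2023-32324.
FIXED="2.2.10-6+deb10u7"    # fixed buster version, taken from the advisory

# Print the effective LogLevel (lower-cased) from a cupsd.conf-style file, or
# "unset". Assumption: directive names are case-insensitive, last one wins.
cups_loglevel() {
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        tolower($1) == "loglevel" && NF >= 2 { v = tolower($2) }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Succeed if debug-level logging, the advisory's trigger condition, is enabled.
# Assumption: debug2 is treated like debug because it is the more verbose level.
cups_debug_logging() {
    case "$(cups_loglevel "$1")" in
        debug|debug2) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if version $1 sorts before the fixed version (Debian ordering).
cups_needs_upgrade() {
    dpkg --compare-versions "$1" lt "$FIXED"
}

# Print a one-line verdict. $1 = installed cups version, $2 = config path
# (assumed default: /etc/cups/cupsd.conf).
cups_triage() {
    conf="${2:-/etc/cups/cupsd.conf}"
    if ! command -v dpkg >/dev/null 2>&1; then
        echo "unknown: dpkg not available"
    elif ! cups_needs_upgrade "$1"; then
        echo "patched"
    elif cups_debug_logging "$conf"; then
        echo "unpatched, debug logging enabled"
    else
        echo "unpatched, debug logging not enabled"
    fi
}

# Stand-alone run on a constructed config and a constructed older version.
sample="$(mktemp)"
printf '%s\n' '# LogLevel debug' 'LogLevel warn' 'loglevel DEBUG' > "$sample"
echo "effective LogLevel: $(cups_loglevel "$sample")"
cups_triage "2.2.10-6+deb10u6" "$sample"
rm -f "$sample"
```

On a real host, pass the installed version reported by `dpkg-query -W -f='${Version}' cups` as the first argument.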