A security issue fixed upstream in cups-filters has been announced:
Commits to fix the issue have been linked in the message above.
The fixes will be included in versions 2.0.0 and 1.28.18.
Mageia 8 is also affected.
Fixed upstream in 1.28.18.
Ubuntu has issued an advisory for this on May 17:
SUSE has issued an advisory for this on May 17:
Fedora has issued an advisory for this today (May 19):
This pkg has different committers, so assigning this update globally.
The updated packages fix a security vulnerability:
If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user-controlled, unsanitized values. As a result, an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. (CVE-2023-24805)
Updated packages in core/updates_testing:
MGA8-64 Plasma system, with an HP color Laserjet CP1215 and cups-pdf printers installed.
No installation issues. Using the procedure from several previous updates, I checked the function of the printers, and both real and virtual functioned normally.
Giving this an OK, and validating. Advisory in comment 5.
An update for this issue has been pushed to the Mageia Updates repository.
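The advisory above traces the flaw to `beh.c` passing a string built from job values to `system()`. The following C example is added here for illustration and is not cups-filters code or the upstream patch: it runs a child program with `fork()`/`execv()` and an argument vector, so no shell parses the values. The function name `run_backend`, the use of `/bin/echo` as a stand-in backend and the sample job title are assumptions constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from beh.c): run `path` with a NULL-terminated
 * argv and return its exit status (0-255), or -1 if the child could not be
 * started or was killed by a signal.
 * No shell is involved, so each argv[i] reaches the child as exactly one
 * argument, whatever characters it contains. */
int run_backend(const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(path, argv);
        _exit(127);              /* reached only if execv() failed */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)      /* retry only when interrupted */
            return -1;
    }
    /* WEXITSTATUS is the portable form of the `>> 8` applied to the
     * return value of system() in the line quoted in the advisory. */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed job title containing shell metacharacters. */
    char title[] = "report; echo INJECTED";
    char *argv[] = { "echo", "title:", title, NULL };

    int rc = run_backend("/bin/echo", argv);
    printf("exit status %d\n", rc);
    return rc;
}
```

With the argument vector, the child prints the title verbatim as data; the `;` is never interpreted as a command separator because nothing parses it as shell syntax.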