A security issue fixed upstream in CUPS has been announced today (June 22): https://www.openwall.com/lists/oss-security/2023/06/22/4 The commit that fixed the issue is linked in the message above. We should probably also update Cauldron to the latest upstream, due to bug and regression fixes: https://openprinting.github.io/cups-2.4.3/ https://openprinting.github.io/cups-2.4.4/ https://openprinting.github.io/cups-2.4.5/ https://openprinting.github.io/cups-2.4.6/ CUPS 2.4.6 also contains the fix for this security issue. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 2.4.6Whiteboard: (none) => MGA8TOO
A big version jump. Cups is normally done by Thierry, so assigning this to you. CC'ing NicolasS who did a recent patch.
CC: (none) => nicolas.salgueroAssignee: bugsquad => thierry.vignaud
Ubuntu has issued an advisory for this today (June 22): https://ubuntu.com/security/notices/USN-6184-1
fixed in cauldron
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8CC: (none) => mageia
Suggested advisory: ======================== The updated packages fix a security vulnerability: Use-after-free in cupsdAcceptClient(). (CVE-2023-34241) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34241 https://www.openwall.com/lists/oss-security/2023/06/22/4 https://ubuntu.com/security/notices/USN-6184-1 ======================== Updated packages in core/updates_testing: ======================== cups-2.3.3op2-1.3.mga8 cups-common-2.3.3op2-1.3.mga8 cups-filesystem-2.3.3op2-1.3.mga8 cups-printerapp-2.3.3op2-1.3.mga8 lib(64)cups2-2.3.3op2-1.3.mga8 lib(64)cups2-devel-2.3.3op2-1.3.mga8 from SRPM: cups-2.3.3op2-1.3.mga8.src.rpm
Assignee: thierry.vignaud => qa-bugsStatus comment: Fixed upstream in 2.4.6 => (none)CVE: (none) => CVE-2023-34241Source RPM: cups-2.4.2-4.mga9.src.rpm => cups-2.3.3op2-1.2.mga8.src.rpmStatus: NEW => ASSIGNED
No installation issues. Tried printing with each of my HP printers: Deskjet 5650 - uses the hplip driver, test pages printed as they should. Color Laserjet CP1215 - uses the foo2hp driver, test pages printed as they should. Envy Photo 7858 - wireless connection, uses hplip, went through the motions of printing, but the cartridges are dried up. Scanner function works as it should. So it looks OK here with my HP printers, anyway. It probably should be checked with printers of another brand or two before validating.
CC: (none) => andrewsfarm
Print and scan with wireless HP Envy 6022, works OK.
CC: (none) => herman.viaene
mga8, x64 HP Photosmart 5520 wireless; print and scan OK.
CC: (none) => tarazed25
Printed a pdf of an image from Gwenview to my desktop using cups-pdf, so we have at least one test with a non-HP printer, even if it is a virtual printer. No issues, so I'm giving this an OK. Validating. Advisory in comment 4.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0223.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED