Lucene search

Slackware Linux ProjectSSA-2023-153-01

HistoryJun 02, 2023 - 9:05 p.m.

[slackware-security] cups

2023-06-0221:05:23

Slackware Linux Project

www.slackware.com

cups

security

fix

slackware

denial of service

cve-2023-32324

upgrade

buffer overflow

configuration

restart

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.9%

JSON

New cups packages are available for Slackware 14.2, 15.0, and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/cups-2.4.3-i586-1_slack15.0.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbirary code.
For more information, see:
https://vulners.com/cve/CVE-2023-32324
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/cups-2.1.4-i586-3_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/cups-2.1.4-x86_64-3_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/cups-2.4.3-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/cups-2.4.3-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/cups-2.4.3-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/cups-2.4.3-x86_64-1.txz

MD5 signatures:

Slackware 14.2 package:
ad78c6b3e6e1983db136c77d3613f34e cups-2.1.4-i586-3_slack14.2.txz

Slackware x86_64 14.2 package:
a74c5dfa42662c5c99254b98653a0598 cups-2.1.4-x86_64-3_slack14.2.txz

Slackware 15.0 package:
8586fdcbdc1e4d154f84746fd7115c66 cups-2.4.3-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
9077a7cec8bc2de88c9ce402acc6faf6 cups-2.4.3-x86_64-1_slack15.0.txz

Slackware -current package:
5f5596e51f96422ac4625fce92322f98 ap/cups-2.4.3-i586-1.txz

Slackware x86_64 -current package:
85f9e89e4f17ca283fe31ef0393fd865 ap/cups-2.4.3-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg cups-2.4.3-i586-1_slack15.0.txz

Then, restart the cups server:
> sh /etc/rc.d/rc.cups restart

OSVersionArchitecturePackageVersionFilename
Slackware14.2i586cups< 2.1.4cups-2.1.4-i586-3_slack14.2.txz
Slackware14.2x86_64cups< 2.1.4cups-2.1.4-x86_64-3_slack14.2.txz
Slackware15.0i586cups< 2.4.3cups-2.4.3-i586-1_slack15.0.txz
Slackware15.0x86_64cups< 2.4.3cups-2.4.3-x86_64-1_slack15.0.txz
Slackwarecurrenti586cups< 2.4.3cups-2.4.3-i586-1.txz
Slackwarecurrentx86_64cups< 2.4.3cups-2.4.3-x86_64-1.txz

OS	Version	Architecture	Package	Version	Filename
Slackware	14.2	i586	cups	< 2.1.4	cups-2.1.4-i586-3_slack14.2.txz
Slackware	14.2	x86_64	cups	< 2.1.4	cups-2.1.4-x86_64-3_slack14.2.txz
Slackware	15.0	i586	cups	< 2.4.3	cups-2.4.3-i586-1_slack15.0.txz
Slackware	15.0	x86_64	cups	< 2.4.3	cups-2.4.3-x86_64-1_slack15.0.txz
Slackware	current	i586	cups	< 2.4.3	cups-2.4.3-i586-1.txz
Slackware	current	x86_64	cups	< 2.4.3	cups-2.4.3-x86_64-1.txz