Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#78673 - [cups] 1:2.4.2-7: CVE-2023-32324 heap buffer overflow in cupsd
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Thursday, 01 June 2023, 11:27 GMT
Last edited by Toolybird (Toolybird) - Thursday, 01 June 2023, 23:05 GMT
Details
Both a fix and a PoC have been published for CVE-2023-32324, which is a heap buffer overflow that might affect cupsd in certain configurations:
https://www.openwall.com/lists/oss-security/2023/06/01/1
The PoC did *not* work on my machine, but it's probably still better to err on the safe side and include the fix until upstream publishes a new release.
Closed by Toolybird (Toolybird)
Thursday, 01 June 2023, 23:05 GMT
Reason for closing: Fixed
Additional comments about closing: cups 1:2.4.3-1