Arch Linux


FS#78673 - [cups] 1:2.4.2-7: CVE-2023-32324 heap buffer overflow in cupsd

Attached to Project: Arch Linux
Opened by Pascal Ernster (hardfalcon) - Thursday, 01 June 2023, 11:27 GMT
Last edited by Toolybird (Toolybird) - Thursday, 01 June 2023, 23:05 GMT
Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Both a fix and a PoC have been published for CVE-2023-32324, which is a heap buffer overflow that might affect cupsd in certain configurations:

https://www.openwall.com/lists/oss-security/2023/06/01/1

The PoC did *not* work on my machine, but it's probably still better to err on the safe side and include the fix until upstream publishes a new release.

Closed by Toolybird (Toolybird)
Thursday, 01 June 2023, 23:05 GMT
Reason for closing: Fixed
Additional comments about closing: cups 1:2.4.3-1
