cups-2.4.2-7.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13250 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cups-2.4.2-7.1 on GA media These are all security issues fixed in the cups-2.4.2-7.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13250 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13250 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-32360/ SUSE CVE CVE-2023-32360 page https://www.suse.com/security/cve/CVE-2023-4504/ SUSE CVE CVE-2023-4504 page openSUSE Tumbleweed cups-2.4.2-7.1 cups-client-2.4.2-7.1 cups-config-2.4.2-7.1 cups-ddk-2.4.2-7.1 cups-devel-2.4.2-7.1 cups-devel-32bit-2.4.2-7.1 libcups2-2.4.2-7.1 libcups2-32bit-2.4.2-7.1 libcupsimage2-2.4.2-7.1 libcupsimage2-32bit-2.4.2-7.1 cups-2.4.2-7.1 as a component of openSUSE Tumbleweed cups-client-2.4.2-7.1 as a component of openSUSE Tumbleweed cups-config-2.4.2-7.1 as a component of openSUSE Tumbleweed cups-ddk-2.4.2-7.1 as a component of openSUSE Tumbleweed cups-devel-2.4.2-7.1 as a component of openSUSE Tumbleweed cups-devel-32bit-2.4.2-7.1 as a component of openSUSE Tumbleweed libcups2-2.4.2-7.1 as a component of openSUSE Tumbleweed libcups2-32bit-2.4.2-7.1 as a component of openSUSE Tumbleweed libcupsimage2-2.4.2-7.1 as a component of openSUSE Tumbleweed libcupsimage2-32bit-2.4.2-7.1 as a component of openSUSE Tumbleweed An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. CVE-2023-32360 openSUSE Tumbleweed:cups-2.4.2-7.1 openSUSE Tumbleweed:cups-client-2.4.2-7.1 openSUSE Tumbleweed:cups-config-2.4.2-7.1 openSUSE Tumbleweed:cups-ddk-2.4.2-7.1 openSUSE Tumbleweed:cups-devel-2.4.2-7.1 openSUSE Tumbleweed:cups-devel-32bit-2.4.2-7.1 openSUSE Tumbleweed:libcups2-2.4.2-7.1 openSUSE Tumbleweed:libcups2-32bit-2.4.2-7.1 openSUSE Tumbleweed:libcupsimage2-2.4.2-7.1 openSUSE Tumbleweed:libcupsimage2-32bit-2.4.2-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-32360.html CVE-2023-32360 https://bugzilla.suse.com/1214254 SUSE Bug 1214254 Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. CVE-2023-4504 openSUSE Tumbleweed:cups-2.4.2-7.1 openSUSE Tumbleweed:cups-client-2.4.2-7.1 openSUSE Tumbleweed:cups-config-2.4.2-7.1 openSUSE Tumbleweed:cups-ddk-2.4.2-7.1 openSUSE Tumbleweed:cups-devel-2.4.2-7.1 openSUSE Tumbleweed:cups-devel-32bit-2.4.2-7.1 openSUSE Tumbleweed:libcups2-2.4.2-7.1 openSUSE Tumbleweed:libcups2-32bit-2.4.2-7.1 openSUSE Tumbleweed:libcupsimage2-2.4.2-7.1 openSUSE Tumbleweed:libcupsimage2-32bit-2.4.2-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4504.html CVE-2023-4504 https://bugzilla.suse.com/1215204 SUSE Bug 1215204 https://bugzilla.suse.com/1217457 SUSE Bug 1217457 https://bugzilla.suse.com/1217553 SUSE Bug 1217553 https://bugzilla.suse.com/1218317 SUSE Bug 1218317 https://bugzilla.suse.com/1218347 SUSE Bug 1218347 https://bugzilla.suse.com/1221585 SUSE Bug 1221585