Severe security vulnerability in Cups

Colonel Panic · 2024-09-28 12:41:19

Hi everyone. Several sites I've seen today have said that a security vulnerability has been found in Cups which could potentially result in an attacker being able to take control of your computer;

https://www.redhat.com/en/blog/red-hat- … rabilities

My answer would be to remove cups-browsed (in fact I don't use Cups at all so could easily get rid of the whole thing too), but Red Hat have published a less drastic solution;

https://www.redhat.com/en/blog/red-hat- … rabilities

Last edited by Colonel Panic (2024-09-28 12:59:57)

altman · 2024-09-28 12:42:43

Thx for that @Colonel Panic

johnraff · 2024-09-29 02:48:55

cups-browsed helps to connect to a wifi-enabled printer without having to install any drivers. This works with modern printers and is something I'm making use of right now.
https://wiki.debian.org/CUPSDriverlessPrinting#Summary

There's a mitigation shown on Debian's security tracker:
https://security-tracker.debian.org/tra … 2024-47176

For client/desktop systems: Remove 'cups' from the "BrowseRemoteProtocols" line in /etc/cups/cups-browsed.conf and restart the cups-browsed service.

This seems to be what has been done in Debian's latest cups-filters upgrade - 1.28.17-5, currently in Sid, so should arrive in Bookworm and Trixie soon:
https://bugs.debian.org/cgi-bin/bugrepo … 1082820#10

I'm going to try that edit to /etc/cups/cups-browsed.conf and see if my wifi printer still works...

^EDIT: yes it still works.

Last edited by johnraff (2024-09-29 08:15:56)

johnraff · 2024-09-30 01:57:34

The fixed version of cups-filters has arrived, and for Bookworm it's 1.28.17-3+deb12u1, not 1.28.17-5 as I posted above - that one's for Sid.

DeepDayze · 2024-09-30 16:56:11

Removing 'cups' from the "BrowseRemoteProtocols" line in /etc/cups/cups-browsed.conf and either restarting the service or rebooting works for me as well.

Sector11 · 2024-09-30 21:04:26

My hammer and chisel¹ were not affected.

I don't trust WiFi or bluetooth much.

¹ printer on a cable.

novice · 2024-10-08 12:59:06

Edit: Never mind, I've just seen how to disable it.
Is there any other way to disable it? That line in my cups-browsed.conf doesn't have cups in it, but cups-browsed is running on my machine.

Last edited by novice (2024-10-08 13:00:55)

johnraff · 2024-10-09 02:34:28

^If the config line has been correctly edited then it should be safe to have cups-browsed running. It does in fact have some use. But if you don't need it, then just uninstall the package cups-browsed.

novice · 2024-10-09 15:41:16

Thanks. I assume I don't need it. I only print from one machine and the printer is connected by USB cable.

#1 2024-09-28 12:41:19

Severe security vulnerability in Cups

#2 2024-09-28 12:42:43

Re: Severe security vulnerability in Cups

#3 2024-09-29 02:48:55

Re: Severe security vulnerability in Cups

#4 2024-09-30 01:57:34

Re: Severe security vulnerability in Cups

#5 2024-09-30 16:56:11

Re: Severe security vulnerability in Cups

#6 2024-09-30 21:04:26

Re: Severe security vulnerability in Cups

#7 2024-10-08 12:59:06

Re: Severe security vulnerability in Cups

#8 2024-10-09 02:34:28

Re: Severe security vulnerability in Cups

#9 2024-10-09 15:41:16

Re: Severe security vulnerability in Cups

Board footer