{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2024-47175: prevent PPD generation based on invalid IPP response\n- CVE-2024-47850: do not generate PPD for remote raw queues and add system-cups.slice", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1747430870.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747430870", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747430870" } ], "tracking": { "current_release_date": "2026-02-16T09:22:59Z", "generator": { "date": "2026-02-16T09:22:59Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1747430870", "initial_release_date": "2025-05-16T21:27:53Z", "revision_history": [ { "date": "2025-05-16T21:27:53Z", "number": "1", "summary": "Initial version" }, { "date": "2025-05-19T15:31:23Z", "number": "2", "summary": "Official Publication" }, { "date": "2026-02-16T09:22:59Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "3" }, "title": "cups-filters: Fix of 2 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product": { "name": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product_id": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cups-filters-devel@1.28.7-11.el9_2.1.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product": { "name": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product_id": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cups-filters-libs@1.28.7-11.el9_2.1.tuxcare.els3?arch=x86_64" } } }, { "category": "product_version", "name": "cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product": { "name": "cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product_id": "cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cups-filters@1.28.7-11.el9_2.1.tuxcare.els3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "product": { "name": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "product_id": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cups-filters-devel@1.28.7-11.el9_2.1.tuxcare.els3?arch=i686" } } }, { "category": "product_version", "name": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "product": { "name": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "product_id": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/cups-filters-libs@1.28.7-11.el9_2.1.tuxcare.els3?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" }, "product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686" }, "product_reference": "cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686" }, "product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" }, "product_reference": "cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" }, "product_reference": "cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-47850", "notes": [ { "category": "description", "text": "CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-47850" } ], "release_date": "2024-10-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-05-16T21:27:53Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1747430870", "product_ids": [ "AlmaLinux-9.2:cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747430870" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-47175", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, can result in user controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-47175" }, { "category": "external", "summary": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" }, { "category": "external", "summary": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47" }, { "category": "external", "summary": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5" }, { "category": "external", "summary": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6" }, { "category": "external", "summary": "https://www.cups.org", "url": "https://www.cups.org/" }, { "category": "external", "summary": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2024/09/27/3", "url": "http://www.openwall.com/lists/oss-security/2024/09/27/3" }, { "category": "external", "summary": "https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477", "url": "https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/09/msg00047.html", "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00047.html" }, { "category": "external", "summary": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0016", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0016" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20241011-0001/", "url": "https://security.netapp.com/advisory/ntap-20241011-0001/" } ], "release_date": "2024-09-26T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-05-16T21:27:53Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1747430870", "product_ids": [ "AlmaLinux-9.2:cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1747430870" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.2:cups-filters-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-devel-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.i686", "AlmaLinux-9.2:cups-filters-libs-0:1.28.7-11.el9_2.1.tuxcare.els3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] } ] }