Multiple vulnerabilities have been discovered in CUPS, allowing for the remote execution of arbitrary code and a Denial of Service.
Package | net-print/cups on all architectures |
---|---|
Affected versions | < 1.2.12-r7 |
Unaffected versions | >= 1.2.12-r7 |
CUPS provides a portable printing layer for UNIX-based operating systems.
Multiple vulnerabilities have been reported in CUPS:
A local attacker could send specially crafted network packets or print jobs and possibly execute arbitrary code with the privileges of the user running CUPS (usually lp), or cause a Denial of Service. The vulnerabilities are exploitable via the network when CUPS is sharing printers remotely.
There is no known workaround at this time.
All CUPS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.2.12-r7"