{"id":34931,"date":"2024-10-08T14:09:47","date_gmt":"2024-10-08T06:09:47","guid":{"rendered":"https:\/\/www.deepin.org\/?p=34931"},"modified":"2024-10-21T10:09:49","modified_gmt":"2024-10-21T02:09:49","slug":"deepin-fixes-cups-security-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.deepin.org.cn\/en\/deepin-fixes-cups-security-vulnerabilities\/","title":{"rendered":"CUPS Multiple High-Risk Security Vulnerabilities: How Does deepin Respond?"},"content":{"rendered":"\"\"<\/p>\n

On September 27, 2024, security researcher Simone \"evilsocket\" Margaritelli reported on his personal blog that the Unix-based printing framework CUPS has multiple high-risk security vulnerabilities[1]<\/sup>. Unauthenticated remote attackers can impersonate printers, using malicious IPP URLs to replace the URLs of existing printers or add new malicious printers. In this scenario, when a user initiates a print job from the affected computer, attackers can silently execute arbitrary commands on that computer through the fake printer URL, thereby achieving the attack.<\/p>\n

These vulnerabilities have been confirmed by the upstream software maintainers and security personnel, and temporary measures have been taken to disable the relevant features to mitigate the risks. No functional fixes are currently provided.<\/p>\n

Vulnerability IDs: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177. [2][3][4]<\/sup><\/p>\n

 <\/p>\n

\n
\n
\n

Am I affected?<\/strong><\/h1>\n

1\u3001If you have not installed cups-browsed (this package is not pre-installed in deepin 23), you are not affected by this vulnerability.<\/p>\n

2\u3001If you do not perform any printing operations, you will not trigger this vulnerability.<\/p>\n

3\u3001If you have installed cups-browsed and perform printing operations, you may be affected by this vulnerability.<\/p>\n

 <\/p>\n<\/section>\n<\/section>\n<\/section>\n

Temporary protection measures<\/strong><\/h1>\n

1\u3001If you do not need the cups-browsed service<\/strong>, stopping or uninstalling the cups-browsed service can mitigate attacks over the network:<\/p>\n

a. sudo systemctl disable --now cups-browsed<\/code><\/p>\n

b. sudo apt remove cups-browsed<\/code><\/p>\n

 <\/p>\n

2\u3001If you need the cups-browsed service,<\/strong> you can:<\/p>\n

a. Enable the firewall to block UDP 631 port traffic to prevent attacks.<\/p>\n

b. Edit\u00a0 \/etc\/cups\/cups-browsed.conf, search for the BrowseRemoteProtocols field, remove cups and execute sudo systemctl restart cups-browsed<\/code> to restart cups-browsed.<\/p>\n

 <\/p>\n

deepin 23 Patch<\/strong><\/h1>\n

deepin 23 has patched cups-browsed and cups-filters on September 27, 2024. We strongly recommend that all users update immediately to fix this security vulnerability. The patched version is: 1.28.17-3.1~deepin3.<\/p>\n

 <\/p>\n

Event Timeline<\/strong><\/h1>\n