1 Oct
2023
1 Oct
'23
4:56 a.m.
cups (2.2.10-6+deb10u9) buster-security; urgency=high This release addresses a security issue (CVE-2023-32360) which allows unauthorized users to fetch documents over local or remote networks. Since this is a configuration fix, it might be that it does not reach you if you are updating 'cups-daemon' (rather than doing a fresh installation). Please double check your /etc/cups/cupds.conf file, whether it limits the access to CUPS-Get-Document with something like the following
<Limit CUPS-Get-Document> AuthType Default Require user @OWNER @SYSTEM Order deny,allow </Limit> (The important line is the 'AuthType Default' in this section)
-- Thorsten Alteholz <debian@alteholz.de> Fri, 29 Sep 2023 21:20:27 +0200