Amazon Linux 2 Security Advisory: ALAS-2024-2628
Advisory Release Date: 2024-08-14 19:06 Pacific
Advisory Updated Date: 2024-08-20 16:40 Pacific
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions. (CVE-2021-25317)
Affected Packages:
cups
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update cups to update your system.
aarch64:
cups-1.6.3-51.amzn2.0.5.aarch64
cups-client-1.6.3-51.amzn2.0.5.aarch64
cups-devel-1.6.3-51.amzn2.0.5.aarch64
cups-libs-1.6.3-51.amzn2.0.5.aarch64
cups-lpd-1.6.3-51.amzn2.0.5.aarch64
cups-ipptool-1.6.3-51.amzn2.0.5.aarch64
cups-debuginfo-1.6.3-51.amzn2.0.5.aarch64
i686:
cups-1.6.3-51.amzn2.0.5.i686
cups-client-1.6.3-51.amzn2.0.5.i686
cups-devel-1.6.3-51.amzn2.0.5.i686
cups-libs-1.6.3-51.amzn2.0.5.i686
cups-lpd-1.6.3-51.amzn2.0.5.i686
cups-ipptool-1.6.3-51.amzn2.0.5.i686
cups-debuginfo-1.6.3-51.amzn2.0.5.i686
noarch:
cups-filesystem-1.6.3-51.amzn2.0.5.noarch
src:
cups-1.6.3-51.amzn2.0.5.src
x86_64:
cups-1.6.3-51.amzn2.0.5.x86_64
cups-client-1.6.3-51.amzn2.0.5.x86_64
cups-devel-1.6.3-51.amzn2.0.5.x86_64
cups-libs-1.6.3-51.amzn2.0.5.x86_64
cups-lpd-1.6.3-51.amzn2.0.5.x86_64
cups-ipptool-1.6.3-51.amzn2.0.5.x86_64
cups-debuginfo-1.6.3-51.amzn2.0.5.x86_64