ALAS2023-2023-215

Amazon Linux 2023 Security Advisory: ALAS-2023-215
Advisory Release Date: 2023-06-21 19:10 Pacific
Advisory Updated Date: 2023-06-27 20:58 Pacific

Severity: Medium

References: CVE-2023-32324
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication. (CVE-2023-32324)

Affected Packages:

cups

Issue Correction:
Run dnf update cups --releasever 2023.1.20230628 to update your system.

New Packages:

aarch64:
    cups-client-debuginfo-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-client-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-debugsource-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-ipptool-debuginfo-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-lpd-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-printerapp-debuginfo-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-ipptool-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-libs-debuginfo-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-devel-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-printerapp-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-lpd-debuginfo-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-libs-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-debuginfo-2.3.3op2-18.amzn2023.0.4.aarch64
    cups-2.3.3op2-18.amzn2023.0.4.aarch64

noarch:
    cups-filesystem-2.3.3op2-18.amzn2023.0.4.noarch

src:
    cups-2.3.3op2-18.amzn2023.0.4.src

x86_64:
    cups-libs-debuginfo-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-printerapp-debuginfo-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-lpd-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-debugsource-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-libs-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-devel-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-client-debuginfo-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-client-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-ipptool-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-lpd-debuginfo-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-debuginfo-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-ipptool-debuginfo-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-printerapp-2.3.3op2-18.amzn2023.0.4.x86_64
    cups-2.3.3op2-18.amzn2023.0.4.x86_64

Additional References

Red Hat: CVE-2023-32324

Mitre: CVE-2023-32324

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS2023-2023-215

Additional References