Amazon Linux 2023 Security Advisory: ALAS-2025-883
Advisory Release Date: 2025-02-26 23:14 Pacific
Advisory Updated Date: 2025-03-05 16:33 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication. (CVE-2023-32324)
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. (CVE-2023-32360)
A vulnerability was found in CUPS. This issue occurs due to logging data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data immediately before the connection closed, resulting in a use-after-free in cupsdAcceptClient() in scheduler/client.c (CVE-2023-34241)
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. (CVE-2023-4504)
Affected Packages:
cups
Issue Correction:
Run dnf update cups --releasever 2023.6.20250303 to update your system.
aarch64:
cups-lpd-2.4.11-8.amzn2023.0.1.aarch64
cups-ipptool-2.4.11-8.amzn2023.0.1.aarch64
cups-debugsource-2.4.11-8.amzn2023.0.1.aarch64
cups-libs-2.4.11-8.amzn2023.0.1.aarch64
cups-client-debuginfo-2.4.11-8.amzn2023.0.1.aarch64
cups-devel-2.4.11-8.amzn2023.0.1.aarch64
cups-client-2.4.11-8.amzn2023.0.1.aarch64
cups-libs-debuginfo-2.4.11-8.amzn2023.0.1.aarch64
cups-printerapp-debuginfo-2.4.11-8.amzn2023.0.1.aarch64
cups-printerapp-2.4.11-8.amzn2023.0.1.aarch64
cups-lpd-debuginfo-2.4.11-8.amzn2023.0.1.aarch64
cups-ipptool-debuginfo-2.4.11-8.amzn2023.0.1.aarch64
cups-debuginfo-2.4.11-8.amzn2023.0.1.aarch64
cups-2.4.11-8.amzn2023.0.1.aarch64
noarch:
cups-filesystem-2.4.11-8.amzn2023.0.1.noarch
src:
cups-2.4.11-8.amzn2023.0.1.src
x86_64:
cups-libs-2.4.11-8.amzn2023.0.1.x86_64
cups-debugsource-2.4.11-8.amzn2023.0.1.x86_64
cups-printerapp-2.4.11-8.amzn2023.0.1.x86_64
cups-lpd-debuginfo-2.4.11-8.amzn2023.0.1.x86_64
cups-client-debuginfo-2.4.11-8.amzn2023.0.1.x86_64
cups-printerapp-debuginfo-2.4.11-8.amzn2023.0.1.x86_64
cups-ipptool-debuginfo-2.4.11-8.amzn2023.0.1.x86_64
cups-libs-debuginfo-2.4.11-8.amzn2023.0.1.x86_64
cups-client-2.4.11-8.amzn2023.0.1.x86_64
cups-debuginfo-2.4.11-8.amzn2023.0.1.x86_64
cups-ipptool-2.4.11-8.amzn2023.0.1.x86_64
cups-devel-2.4.11-8.amzn2023.0.1.x86_64
cups-lpd-2.4.11-8.amzn2023.0.1.x86_64
cups-2.4.11-8.amzn2023.0.1.x86_64