Amazon Linux 1 Security Advisory: ALAS-2023-1777
Advisory Release Date: 2023-07-05 21:44 Pacific
Advisory Updated Date: 2023-07-19 21:50 Pacific
A vulnerability was found in CUPS. This issue occurs due to logging data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data immediately before the connection closed, resulting in a use-after-free in cupsdAcceptClient() in scheduler/client.c (CVE-2023-34241)
Affected Packages:
cups
Issue Correction:
Run yum update cups to update your system.
i686:
cups-php-1.4.2-67.22.amzn1.i686
cups-debuginfo-1.4.2-67.22.amzn1.i686
cups-libs-1.4.2-67.22.amzn1.i686
cups-devel-1.4.2-67.22.amzn1.i686
cups-1.4.2-67.22.amzn1.i686
cups-lpd-1.4.2-67.22.amzn1.i686
src:
cups-1.4.2-67.22.amzn1.src
x86_64:
cups-debuginfo-1.4.2-67.22.amzn1.x86_64
cups-devel-1.4.2-67.22.amzn1.x86_64
cups-php-1.4.2-67.22.amzn1.x86_64
cups-lpd-1.4.2-67.22.amzn1.x86_64
cups-1.4.2-67.22.amzn1.x86_64
cups-libs-1.4.2-67.22.amzn1.x86_64