USN-6844-2: CUPS regression

Read Time:27 Second

USN-6844-1 fixed vulnerabilities in the CUPS package. The update
lead to the discovery of a regression in CUPS with regards to
how the cupsd daemon handles Listen configuration directive.
This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:
Rory McNamara discovered that when starting the cupsd server with a
Listen configuration item, the cupsd process fails to validate if
bind call passed. An attacker could possibly trick cupsd to perform
an arbitrary chmod of the provided argument, providing world-writable
access to the target.

Age Verification Using Facial Scans

NTLM Hash Exploit Targets Poland and Romania Days After Patch

Senators Urge Cyber-Threat Sharing Law Extension Before Deadline

Identity Attacks Now Comprise a Third of Intrusions

Microsoft Thwarts $4bn in Fraud Attempts

CISA Throws Lifeline to CVE Program with Last-Minute Contract Extension

Network Edge Devices the Biggest Entry Point for Attacks on SMBs

ICO Issues Merseyside-Based Law Firm £60,000 Fine After Cyber-Attack

Smashing Security podcast #413: Hacking the hackers… with a credit card?

pgadmin4-9.2-1.fc41

java-latest-openjdk-24.0.1.0.9-1.rolling.el9

java-latest-openjdk-24.0.1.0.9-1.rolling.el10_0 java-latest-openjdk-portable-24.0.1.0.9-1.rolling.el8

java-1.8.0-openjdk-portable-1.8.0.452.b06-2.fc39 java-17-openjdk-portable-17.0.15.0.6-1.fc40

java-1.8.0-openjdk-1.8.0.452.b06-1.fc40

java-1.8.0-openjdk-1.8.0.452.b06-1.fc41