cups-2.2.6-64.el8_10
エラータID: AXSA:2025-11495:11
リリース日:
2025/12/08 Monday - 21:36
題名:
cups-2.2.6-64.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- CUPS には、NULL ポインタデリファレンスの問題があるため、近隣の
ネットワーク上の攻撃者により、サービス拒否攻撃を可能とする脆弱性
が存在します。(CVE-2025-58364)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-58364
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.
追加情報:
N/A
ダウンロード:
SRPMS
- cups-2.2.6-64.el8_10.src.rpm
MD5: 273a14a5be977972ff2a45adb36222f4
SHA-256: 7e5d0436b2a41ba23ebecb71cf95b4811952d23a1dd98d82a14f6cf2d7b70eaa
Size: 10.10 MB
Asianux Server 8 for x86_64
- cups-2.2.6-64.el8_10.x86_64.rpm
MD5: 9855e4786f5fba0a219212b959327aeb
SHA-256: ac91751a7eee4dfa953b3d2ed90527e24a0d60bcfe7948f375920c688832e521
Size: 1.43 MB - cups-client-2.2.6-64.el8_10.x86_64.rpm
MD5: 71171568e5c3f5be7b01c037e767a7bc
SHA-256: 3e96f47046502e05e2dd8d3a4ca68ab130d9472254766621dd101bb37fdce50c
Size: 172.71 kB - cups-devel-2.2.6-64.el8_10.i686.rpm
MD5: 98b5006387d4d872d71be914f35bc0dc
SHA-256: c489459551555337395f940ab3523da9d1792ed5b100c4bcfbb3a234d3cb4934
Size: 152.05 kB - cups-devel-2.2.6-64.el8_10.x86_64.rpm
MD5: c31bd8e64d6f33f5e7f47e0958573bc4
SHA-256: 20f4e753d8f0166b6f72d64c3754f53d4489221c107be1e23816e8d5109f5917
Size: 152.07 kB - cups-filesystem-2.2.6-64.el8_10.noarch.rpm
MD5: fb8262e15c7f990c5e1cf3e9bf1a4686
SHA-256: fb24c5752ed0119986a0631b1e867708a3fdccab570645575f0c80bd127a40d2
Size: 112.39 kB - cups-ipptool-2.2.6-64.el8_10.x86_64.rpm
MD5: 9f96effe932cc7c8fd338c2a67d5010c
SHA-256: f26ea795f2db9b1a6e245e9ebb3e73f94852b89b44ca0951a6d513c1e7489fac
Size: 5.82 MB - cups-libs-2.2.6-64.el8_10.i686.rpm
MD5: b9dd658fe5b2f545945d3c7d38fe4da3
SHA-256: ba199c33cf483bbb4891a578ead50ab8dd0585f21602f8c31633cb01f557ee62
Size: 463.43 kB - cups-libs-2.2.6-64.el8_10.x86_64.rpm
MD5: 60276420896ef05edccd8ebfee13e8cc
SHA-256: 1de05f0511e0acc2c64550679dac51d6d428b3bd123649017179bafe389804fb
Size: 436.40 kB - cups-lpd-2.2.6-64.el8_10.x86_64.rpm
MD5: ca3d8de7146dd1e71ff900be7b6cd1e7
SHA-256: 5b5ee91863b4f24e3cdc41d871eab1c43c7db209a7fe2953a14983ae0092fd4d
Size: 127.66 kB
English