{"id":"OESA-2023-1410","summary":"cups security update","details":"\n\nSecurity Fix(es):\n\nOpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue.(CVE-2023-34241)","modified":"2025-09-03T06:19:15.055524Z","published":"2023-07-08T11:05:30Z","upstream":["CVE-2023-34241"],"database_specific":{"severity":"Medium"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1410"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34241"}],"affected":[{"package":{"name":"cups","ecosystem":"openEuler:20.03-LTS-SP1","purl":"pkg:rpm/openEuler/cups&distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.13-17.oe1"}]}],"ecosystem_specific":{"noarch":["cups-help-2.2.13-17.oe1.noarch.rpm"],"aarch64":["cups-devel-2.2.13-17.oe1.aarch64.rpm","cups-debuginfo-2.2.13-17.oe1.aarch64.rpm","cups-libs-2.2.13-17.oe1.aarch64.rpm","cups-debugsource-2.2.13-17.oe1.aarch64.rpm","cups-2.2.13-17.oe1.aarch64.rpm"],"x86_64":["cups-libs-2.2.13-17.oe1.x86_64.rpm","cups-debuginfo-2.2.13-17.oe1.x86_64.rpm","cups-2.2.13-17.oe1.x86_64.rpm","cups-devel-2.2.13-17.oe1.x86_64.rpm","cups-debugsource-2.2.13-17.oe1.x86_64.rpm"],"src":["cups-2.2.13-17.oe1.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2023-1410.json"}},{"package":{"name":"cups","ecosystem":"openEuler:20.03-LTS-SP3","purl":"pkg:rpm/openEuler/cups&distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.13-17.oe1"}]}],"ecosystem_specific":{"noarch":["cups-help-2.2.13-17.oe1.noarch.rpm"],"aarch64":["cups-2.2.13-17.oe1.aarch64.rpm","cups-libs-2.2.13-17.oe1.aarch64.rpm","cups-debuginfo-2.2.13-17.oe1.aarch64.rpm","cups-debugsource-2.2.13-17.oe1.aarch64.rpm","cups-devel-2.2.13-17.oe1.aarch64.rpm"],"x86_64":["cups-devel-2.2.13-17.oe1.x86_64.rpm","cups-2.2.13-17.oe1.x86_64.rpm","cups-debuginfo-2.2.13-17.oe1.x86_64.rpm","cups-libs-2.2.13-17.oe1.x86_64.rpm","cups-debugsource-2.2.13-17.oe1.x86_64.rpm"],"src":["cups-2.2.13-17.oe1.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2023-1410.json"}},{"package":{"name":"cups","ecosystem":"openEuler:22.03-LTS","purl":"pkg:rpm/openEuler/cups&distro=openEuler-22.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.0-8.oe2203sp2"}]}],"ecosystem_specific":{"noarch":["cups-help-2.4.0-8.oe2203.noarch.rpm","cups-filesystem-2.4.0-8.oe2203.noarch.rpm","cups-filesystem-2.4.0-8.oe2203sp1.noarch.rpm","cups-help-2.4.0-8.oe2203sp1.noarch.rpm","cups-filesystem-2.4.0-8.oe2203sp2.noarch.rpm","cups-help-2.4.0-8.oe2203sp2.noarch.rpm"],"aarch64":["cups-devel-2.4.0-8.oe2203.aarch64.rpm","cups-ipptool-2.4.0-8.oe2203.aarch64.rpm","cups-debugsource-2.4.0-8.oe2203.aarch64.rpm","cups-2.4.0-8.oe2203.aarch64.rpm","cups-debuginfo-2.4.0-8.oe2203.aarch64.rpm","cups-client-2.4.0-8.oe2203.aarch64.rpm","cups-printerapp-2.4.0-8.oe2203.aarch64.rpm","cups-libs-2.4.0-8.oe2203.aarch64.rpm","cups-lpd-2.4.0-8.oe2203.aarch64.rpm","cups-printerapp-2.4.0-8.oe2203sp1.aarch64.rpm","cups-lpd-2.4.0-8.oe2203sp1.aarch64.rpm","cups-libs-2.4.0-8.oe2203sp1.aarch64.rpm","cups-2.4.0-8.oe2203sp1.aarch64.rpm","cups-client-2.4.0-8.oe2203sp1.aarch64.rpm","cups-debuginfo-2.4.0-8.oe2203sp1.aarch64.rpm","cups-devel-2.4.0-8.oe2203sp1.aarch64.rpm","cups-ipptool-2.4.0-8.oe2203sp1.aarch64.rpm","cups-debugsource-2.4.0-8.oe2203sp1.aarch64.rpm","cups-client-2.4.0-8.oe2203sp2.aarch64.rpm","cups-2.4.0-8.oe2203sp2.aarch64.rpm","cups-devel-2.4.0-8.oe2203sp2.aarch64.rpm","cups-debugsource-2.4.0-8.oe2203sp2.aarch64.rpm","cups-printerapp-2.4.0-8.oe2203sp2.aarch64.rpm","cups-libs-2.4.0-8.oe2203sp2.aarch64.rpm","cups-debuginfo-2.4.0-8.oe2203sp2.aarch64.rpm","cups-ipptool-2.4.0-8.oe2203sp2.aarch64.rpm","cups-lpd-2.4.0-8.oe2203sp2.aarch64.rpm"],"x86_64":["cups-ipptool-2.4.0-8.oe2203.x86_64.rpm","cups-devel-2.4.0-8.oe2203.x86_64.rpm","cups-debuginfo-2.4.0-8.oe2203.x86_64.rpm","cups-2.4.0-8.oe2203.x86_64.rpm","cups-printerapp-2.4.0-8.oe2203.x86_64.rpm","cups-lpd-2.4.0-8.oe2203.x86_64.rpm","cups-client-2.4.0-8.oe2203.x86_64.rpm","cups-debugsource-2.4.0-8.oe2203.x86_64.rpm","cups-libs-2.4.0-8.oe2203.x86_64.rpm","cups-libs-2.4.0-8.oe2203sp1.x86_64.rpm","cups-client-2.4.0-8.oe2203sp1.x86_64.rpm","cups-devel-2.4.0-8.oe2203sp1.x86_64.rpm","cups-printerapp-2.4.0-8.oe2203sp1.x86_64.rpm","cups-lpd-2.4.0-8.oe2203sp1.x86_64.rpm","cups-ipptool-2.4.0-8.oe2203sp1.x86_64.rpm","cups-debugsource-2.4.0-8.oe2203sp1.x86_64.rpm","cups-2.4.0-8.oe2203sp1.x86_64.rpm","cups-debuginfo-2.4.0-8.oe2203sp1.x86_64.rpm","cups-2.4.0-8.oe2203sp2.x86_64.rpm","cups-debuginfo-2.4.0-8.oe2203sp2.x86_64.rpm","cups-client-2.4.0-8.oe2203sp2.x86_64.rpm","cups-printerapp-2.4.0-8.oe2203sp2.x86_64.rpm","cups-devel-2.4.0-8.oe2203sp2.x86_64.rpm","cups-libs-2.4.0-8.oe2203sp2.x86_64.rpm","cups-ipptool-2.4.0-8.oe2203sp2.x86_64.rpm","cups-debugsource-2.4.0-8.oe2203sp2.x86_64.rpm","cups-lpd-2.4.0-8.oe2203sp2.x86_64.rpm"],"src":["cups-2.4.0-8.oe2203.src.rpm","cups-2.4.0-8.oe2203sp1.src.rpm","cups-2.4.0-8.oe2203sp2.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2023-1410.json"}},{"package":{"name":"cups","ecosystem":"openEuler:22.03-LTS-SP1","purl":"pkg:rpm/openEuler/cups&distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.0-8.oe2203sp1"}]}],"ecosystem_specific":{"noarch":["cups-filesystem-2.4.0-8.oe2203sp1.noarch.rpm","cups-help-2.4.0-8.oe2203sp1.noarch.rpm"],"aarch64":["cups-printerapp-2.4.0-8.oe2203sp1.aarch64.rpm","cups-lpd-2.4.0-8.oe2203sp1.aarch64.rpm","cups-libs-2.4.0-8.oe2203sp1.aarch64.rpm","cups-2.4.0-8.oe2203sp1.aarch64.rpm","cups-client-2.4.0-8.oe2203sp1.aarch64.rpm","cups-debuginfo-2.4.0-8.oe2203sp1.aarch64.rpm","cups-devel-2.4.0-8.oe2203sp1.aarch64.rpm","cups-ipptool-2.4.0-8.oe2203sp1.aarch64.rpm","cups-debugsource-2.4.0-8.oe2203sp1.aarch64.rpm"],"x86_64":["cups-libs-2.4.0-8.oe2203sp1.x86_64.rpm","cups-client-2.4.0-8.oe2203sp1.x86_64.rpm","cups-devel-2.4.0-8.oe2203sp1.x86_64.rpm","cups-printerapp-2.4.0-8.oe2203sp1.x86_64.rpm","cups-lpd-2.4.0-8.oe2203sp1.x86_64.rpm","cups-ipptool-2.4.0-8.oe2203sp1.x86_64.rpm","cups-debugsource-2.4.0-8.oe2203sp1.x86_64.rpm","cups-2.4.0-8.oe2203sp1.x86_64.rpm","cups-debuginfo-2.4.0-8.oe2203sp1.x86_64.rpm"],"src":["cups-2.4.0-8.oe2203sp1.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2023-1410.json"}},{"package":{"name":"cups","ecosystem":"openEuler:22.03-LTS-SP2","purl":"pkg:rpm/openEuler/cups&distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.0-8.oe2203sp2"}]}],"ecosystem_specific":{"noarch":["cups-filesystem-2.4.0-8.oe2203sp2.noarch.rpm","cups-help-2.4.0-8.oe2203sp2.noarch.rpm"],"aarch64":["cups-client-2.4.0-8.oe2203sp2.aarch64.rpm","cups-2.4.0-8.oe2203sp2.aarch64.rpm","cups-devel-2.4.0-8.oe2203sp2.aarch64.rpm","cups-debugsource-2.4.0-8.oe2203sp2.aarch64.rpm","cups-printerapp-2.4.0-8.oe2203sp2.aarch64.rpm","cups-libs-2.4.0-8.oe2203sp2.aarch64.rpm","cups-debuginfo-2.4.0-8.oe2203sp2.aarch64.rpm","cups-ipptool-2.4.0-8.oe2203sp2.aarch64.rpm","cups-lpd-2.4.0-8.oe2203sp2.aarch64.rpm"],"x86_64":["cups-2.4.0-8.oe2203sp2.x86_64.rpm","cups-debuginfo-2.4.0-8.oe2203sp2.x86_64.rpm","cups-client-2.4.0-8.oe2203sp2.x86_64.rpm","cups-printerapp-2.4.0-8.oe2203sp2.x86_64.rpm","cups-devel-2.4.0-8.oe2203sp2.x86_64.rpm","cups-libs-2.4.0-8.oe2203sp2.x86_64.rpm","cups-ipptool-2.4.0-8.oe2203sp2.x86_64.rpm","cups-debugsource-2.4.0-8.oe2203sp2.x86_64.rpm","cups-lpd-2.4.0-8.oe2203sp2.x86_64.rpm"],"src":["cups-2.4.0-8.oe2203sp2.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2023-1410.json"}}],"schema_version":"1.7.3"}