INFSA-2024:4265: CUPS security update
Information about definition
Identificator: INFSA-2024:4265
Type: security
Release date: 2024-08-23 19:07:15 UTC
Information about package
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
Vulnerabilities description
- CVE-2024-35235
A flaw was found in the cupsd server. When starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Since cupsd is often running as root, this issue can result in the change of permission of any user or system files to be world writable.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-35235
|
no information | 4.4 | no information |
Updated packages