jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
cvrf2cusa/cvrf/2024/cvrf-openEuler-SA-2024-1758.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

179 lines
19 KiB
XML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for cups is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP3 and openEuler-24.03-LTS</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2024-1758</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2024-06-28</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2024-06-28</InitialReleaseDate>
<CurrentReleaseDate>2024-06-28</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2024-06-28</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">cups security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for cups is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP3 and openEuler-24.03-LTS.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol (IPP) to support printing to local and network printers..
Security Fix(es):
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.
(CVE-2024-35235)</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for cups is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP3 and openEuler-24.03-LTS.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">cups</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1758</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-35235</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2024-35235</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS-SP4" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">openEuler-20.03-LTS-SP4</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">openEuler-22.03-LTS-SP1</FullProductName>
<FullProductName ProductID="openEuler-22.03-LTS-SP3" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">openEuler-22.03-LTS-SP3</FullProductName>
<FullProductName ProductID="openEuler-24.03-LTS" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">openEuler-24.03-LTS</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="cups-debuginfo-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-debuginfo-2.2.13-20.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-2.2.13-20.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-debugsource-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-debugsource-2.2.13-20.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-devel-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-devel-2.2.13-20.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-libs-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-libs-2.2.13-20.oe2003sp4.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-debugsource-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-debugsource-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-debuginfo-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-debuginfo-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-ipptool-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-ipptool-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-libs-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-libs-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-printerapp-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-printerapp-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-lpd-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-lpd-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-devel-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-devel-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-client-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-client-2.4.0-11.oe2203sp1.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-lpd-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-lpd-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-devel-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-devel-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-libs-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-libs-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-printerapp-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-printerapp-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-ipptool-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-ipptool-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-client-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-client-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-debuginfo-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-debuginfo-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-debugsource-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-debugsource-2.4.0-11.oe2203sp3.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-debuginfo-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-debuginfo-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-debugsource-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-debugsource-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-lpd-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-lpd-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-devel-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-devel-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-printerapp-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-printerapp-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-libs-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-libs-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-ipptool-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-ipptool-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
<FullProductName ProductID="cups-client-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-client-2.4.7-3.oe2403.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="noarch">
<FullProductName ProductID="cups-help-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-help-2.2.13-20.oe2003sp4.noarch.rpm</FullProductName>
<FullProductName ProductID="cups-filesystem-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-filesystem-2.4.0-11.oe2203sp1.noarch.rpm</FullProductName>
<FullProductName ProductID="cups-help-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-help-2.4.0-11.oe2203sp1.noarch.rpm</FullProductName>
<FullProductName ProductID="cups-filesystem-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-filesystem-2.4.0-11.oe2203sp3.noarch.rpm</FullProductName>
<FullProductName ProductID="cups-help-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-help-2.4.0-11.oe2203sp3.noarch.rpm</FullProductName>
<FullProductName ProductID="cups-help-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-help-2.4.7-3.oe2403.noarch.rpm</FullProductName>
<FullProductName ProductID="cups-filesystem-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-filesystem-2.4.7-3.oe2403.noarch.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="cups-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-2.2.13-20.oe2003sp4.src.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-2.4.0-11.oe2203sp1.src.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-2.4.0-11.oe2203sp3.src.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-2.4.7-3.oe2403.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="cups-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-2.2.13-20.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-libs-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-libs-2.2.13-20.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-debugsource-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-debugsource-2.2.13-20.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-debuginfo-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-debuginfo-2.2.13-20.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-devel-2.2.13-20" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP4">cups-devel-2.2.13-20.oe2003sp4.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-lpd-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-lpd-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-debuginfo-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-debuginfo-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-ipptool-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-ipptool-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-client-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-client-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-debugsource-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-debugsource-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-devel-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-devel-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-libs-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-libs-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-printerapp-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP1">cups-printerapp-2.4.0-11.oe2203sp1.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-printerapp-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-printerapp-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-libs-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-libs-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-lpd-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-lpd-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-devel-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-devel-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-debugsource-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-debugsource-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-debuginfo-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-debuginfo-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-client-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-client-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-ipptool-2.4.0-11" CPE="cpe:/a:openEuler:openEuler:22.03-LTS-SP3">cups-ipptool-2.4.0-11.oe2203sp3.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-debugsource-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-debugsource-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-debuginfo-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-debuginfo-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-libs-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-libs-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-client-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-client-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-lpd-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-lpd-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-printerapp-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-printerapp-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-ipptool-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-ipptool-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
<FullProductName ProductID="cups-devel-2.4.7-3" CPE="cpe:/a:openEuler:openEuler:24.03-LTS">cups-devel-2.4.7-3.oe2403.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the target. Given that cupsd is often running as root, this can result in the change of permission of any user or system files to be world writable. Given the aforementioned Ubuntu AppArmor context, on such systems this vulnerability is limited to those files modifiable by the cupsd process. In that specific case it was found to be possible to turn the configuration of the Listen argument into full control over the cupsd.conf and cups-files.conf configuration files. By later setting the User and Group arguments in cups-files.conf, and printing with a printer configured by PPD with a `FoomaticRIPCommandLine` argument, arbitrary user and group (not root) command execution could be achieved, which can further be used on Ubuntu systems to achieve full root command execution. Commit ff1f8a623e090dee8a8aadf12a6a4b25efac143d contains a patch for the issue.</Note>
</Notes>
<ReleaseDate>2024-06-28</ReleaseDate>
<CVE>CVE-2024-35235</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS-SP4</ProductID>
<ProductID>openEuler-22.03-LTS-SP1</ProductID>
<ProductID>openEuler-22.03-LTS-SP3</ProductID>
<ProductID>openEuler-24.03-LTS</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>4.4</BaseScore>
<Vector>AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>cups security update</Description>
<DATE>2024-06-28</DATE>
<URL>https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1758</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink