cups: fix CVE-2023-32360

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. References: https://ubuntu.com/security/CVE-2023-32360 https://security-tracker.debian.org/tracker/CVE-2023-32360 (From OE-Core rev: b04f40d7afba07ff602bffffc9a517ccfdd44850) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-04-27 12:32:13 +02:00 · 2023-09-15 07:37:04 +00:00
parent de7443a25d
commit cfc7247089
2 changed files with 36 additions and 0 deletions
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -17,6 +17,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${
           file://cups-volatiles.conf \
           file://CVE-2023-32324.patch \
           file://CVE-2023-34241.patch \
+	   file://CVE-2023-32360.patch \
           "

 UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases"
--- a/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
+++ b/meta/recipes-extended/cups/cups/CVE-2023-32360.patch
@@ -0,0 +1,35 @@
+From a0c8b9c9556882f00c68b9727a95a1b6d1452913 Mon Sep 17 00:00:00 2001
+From: Michael R Sweet <michael.r.sweet@gmail.com>
+Date: Thu, 14 Sep 2023 09:16:45 +0000
+Subject: [PATCH] Require authentication for CUPS-Get-Document.
+
+CVE: CVE-2023-32360
+
+Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ conf/cupsd.conf.in | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
+index b258849..08f5070 100644
+--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
+@@ -68,7 +68,13 @@ IdleExitTimeout @EXIT_TIMEOUT@
+     Order deny,allow
+   </Limit>
+
+-  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  <Limit CUPS-Get-Document>
+    AuthType Defaul
+     Require user @OWNER @SYSTEM
+     Order deny,allow
+   </Limit>
+--
+2.35.5