Pharos Response to OpenPrinting CUPS vulnerabilities (Sept 2024)
- 02 Oct 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Pharos Response to OpenPrinting CUPS vulnerabilities (Sept 2024)
- Updated on 02 Oct 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Pharos Impact: None
Pharos has reviewed all our products and cloud infrastructure and can confirm that we are not susceptible to any of the vulnerabilities or the mitigations themselves.
Our desktop client (Print Scout) used in Blueprint Enterprise and Pharos Cloud queries IPP printers using our own implementation.
Uniprint clients are not affected.
The following generally recommended mitigation steps do not impact Pharos products:
- Disable the cups-browsed service (Pharos products do not rely on cups-browsed service)
- Update the CUPS package on your systems if/when available (Pharos products do not rely on cups-browsed service)
- Block all traffic to UDP port 631 (Pharos products do not rely on cups-browsed service)
Background
Recently, a security exploit was published on the internet taking advantage of 4 vulnerabilities found in OpenPrinting CUPS of Unix operating systems.
References: RHSB-2024-002 - OpenPrinting cups-filters | Red Hat Customer Portal
CVE | Package | Impacted versions |
CVE-2024-47176 | cups-browsed | Versions up to and including 2.0.1 |
CVE-2024-47076 | libcupsfilters | Versions up to and including 2.1b1 |
CVE-2024-47175 | libppd | Versions up to and including 2.1b1 |
CVE-2024-47177 | cups-filters | Versions up to and including 2.0.1 |
Was this article helpful?