git.ipfire.org Git - thirdparty/cups.git/commit

author	Zdenek Dohnal <zdohnal@redhat.com>
	Fri, 21 Nov 2025 06:36:36 +0000 (07:36 +0100)
committer	Zdenek Dohnal <zdohnal@redhat.com>
	Thu, 27 Nov 2025 15:06:02 +0000 (16:06 +0100)
commit	db8d560262c22a21ee1e55dfd62fa98d9359bcb0
tree	6b0069de0a5628c5cd4fe14ced46a0142c746e61	tree
parent	40026058d3d127eeb91c6229e351a8d1d4ecdea6	commit \| diff

Fix various issues in cupsd

Various issues were found by @SilverPlate3, recognized as CVE-2025-61915:

- out of bound write when handling IPv6 addresses,
- cupsd crash caused by null dereference when ErrorPolicy value is empty,

On the top of that, Mike Sweet noticed vulnerability via domain socket,
exploitable locally if attacker has access to domain socket and knows username
of user within a group which is present in CUPS system groups:

- rewrite of cupsd.conf via PeerCred authorization via domain socket

The last vulnerability is fixed by introducing PeerCred directive for cups-files.conf,
which controls whether PeerCred is enabled/disabled for user in CUPS system groups.

Fixes CVE-2025-61915

conf/cups-files.conf.in		diff \| blob \| blame \| history
config-scripts/cups-defaults.m4		diff \| blob \| blame \| history
config.h.in		diff \| blob \| blame \| history
configure		diff \| blob \| blame \| history
doc/help/man-cups-files.conf.html		diff \| blob \| blame \| history
man/cups-files.conf.5		diff \| blob \| blame \| history
scheduler/auth.c		diff \| blob \| blame \| history
scheduler/auth.h		diff \| blob \| blame \| history
scheduler/client.c		diff \| blob \| blame \| history
scheduler/conf.c		diff \| blob \| blame \| history
test/run-stp-tests.sh		diff \| blob \| blame \| history
vcnet/config.h		diff \| blob \| blame \| history
xcode/CUPS.xcodeproj/project.pbxproj		diff \| blob \| blame \| history
xcode/config.h		diff \| blob \| blame \| history