Cups-Filters Vulnerability Allows Code Execution

A vulnerability has been discovered in the cups-filters package, which provides components for running the printing service. The vulnerability, designated CVE-2023-24805, allows remote execution of arbitrary commands on the print server through a specially crafted print job. It is present when the beh backend is used to create a network printer, and is caused by a lack of proper checks on the name of the print job, which is used in commands executed through the system() function.

Fortunately, fixes for this vulnerability are currently available as patches for the cups-filters package. Distributions such as Debian, Ubuntu, RHEL, SUSE/OpenSUSE, Fedora, Arch, and FreeBSD are all offering these patches to their users. Users of this package should follow the release of package updates in these distributions to ensure their systems are protected from this vulnerability.

Exploitation of this vulnerability involves transmitting a specific string in the “Job-Name” field. Users of the aforementioned distributions are advised to monitor for updates and apply the patches as soon as they become available to ensure the security and integrity of their systems.
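
The root cause described above, a job name placed into a command that is run through system(), is shown here as an added example; it is not code from cups-filters. It sets the unsafe pattern beside a version that passes the name as a single argv element without a shell. The function names, the /bin/echo stand-in for the backend, and the job title are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed job title: a quote closes the argument, then a harmless
   marker command (exit 42) shows that the shell ran something extra. */
#define CONSTRUCTED_TITLE "x'; exit 42; '"

/* Unsafe pattern: the title is pasted into a command line for /bin/sh. */
int run_via_shell(const char *backend, const char *title) {
    char cmd[512];
    int n = snprintf(cmd, sizeof(cmd), "%s '%s'", backend, title);
    if (n < 0 || (size_t)n >= sizeof(cmd)) return -1;   /* truncated */
    int st = system(cmd);
    return (st != -1 && WIFEXITED(st)) ? WEXITSTATUS(st) : -1;
}

/* Hardened pattern: no shell; the title is exactly one argv element. */
int run_via_exec(const char *backend, const char *title) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = {(char *)backend, (char *)title, NULL};
        execv(backend, argv);
        _exit(127);                      /* reached only if execv failed */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void) {
    const char *backend = "/bin/echo";   /* stand-in for the real backend */
    printf("shell, benign title: %d\n", run_via_shell(backend, "Quarterly report"));
    printf("shell, crafted title: %d\n", run_via_shell(backend, CONSTRUCTED_TITLE));
    printf("execv, crafted title: %d\n", run_via_exec(backend, CONSTRUCTED_TITLE));
    return 0;
}
```

An exit status of 42 from the shell path means the title was interpreted as shell syntax; the execv path returns the backend's own status because the title never reaches a shell.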
