File cups-1.7.5-CVE-2023-32360.patch of Package cups

Overview Repositories Revisions Requests Users Attributes Meta

File cups-1.7.5-CVE-2023-32360.patch of Package cups

--- conf/cupsd.conf.in.orig	2013-06-07 03:00:33.000000000 +0200
+++ conf/cupsd.conf.in	2023-09-06 16:26:13.913199663 +0200
@@ -53,7 +53,14 @@ WebInterface @CUPS_WEBIF@
     Order deny,allow
   </Limit>
 
-  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+
+  # Require authentication for CUPS-Get-Document otherwise unauthenticated users could access print job documents:
+  <Limit CUPS-Get-Document>
+    AuthType Default
     Require user @OWNER @SYSTEM
     Order deny,allow
   </Limit>

Places

File cups-1.7.5-CVE-2023-32360.patch of Package cups

Places