NS-SA-2025-0047

简介

important: shadow/cups-filters security update

严重级别

important

主题

An update for shadow/cups-filters is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.

详细描述

shadow:
cups-filters:


Security Fix(es):
shadow: A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.(CVE-2023-4641)
shadow: bugfix
cups-filters: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution.(CVE-2023-24805)
cups-filters: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.01B6.

影响组件

• shadow
• cups-filters

影响产品

• CGSL MAIN 7.02

更新包

CVE

• CVE-2023-4641
• CVE-2023-24805

参考

• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4641
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24805