[{"data":1,"prerenderedAt":109},["ShallowReactive",2],{"zh-cn:CommonContent:/news/2024-09-27-cups-0day-advisory":3},{"id":4,"title":5,"body":6,"categories":97,"date":99,"description":100,"extension":101,"home":102,"important":103,"meta":104,"navigation":103,"path":105,"seo":106,"stem":107,"__hash__":108},"zhCN/news/2024-09-27-cups-0day-advisory.md","前方注意！CUPS 及相关软件包推送高危漏洞修复",{"type":7,"value":8,"toc":94},"minimark",[9,27,35,61,64,74],[10,11,12,13,20,21,26],"p",{},"北京时间今日凌晨，安全研究员 ",[14,15,19],"a",{"href":16,"rel":17},"https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/",[18],"nofollow","evilsocket"," 披露了与 CUPS 等软件包相关的四个安全漏洞，CVSS 3.1 评分最高达到 ",[14,22,25],{"href":23,"rel":24},"https://www.cve.org/CVERecord?id=CVE-2024-47177",[18],"9.1","。",[10,28,29,30,34],{},"目前，安同 OS 相关修复已经推送至稳定 (",[31,32,33],"code",{},"stable",") 软件源。考虑到该漏洞已公开且可利用，建议用户尽快更新，相关软件包及其修复版本见下：",[36,37,38,45,51,56],"ul",{},[39,40,41,44],"li",{},[31,42,43],{},"cups"," (2.4.10-2)",[39,46,47,50],{},[31,48,49],{},"cups-browsed"," (2.0.0-1)",[39,52,53,50],{},[31,54,55],{},"libcupsfilters",[39,57,58,50],{},[31,59,60],{},"libppd",[10,62,63],{},"升级完成后，如 cups.service 服务正在运行，推荐用户重启服务，方式见下。重启系统也能达成同样的效果。",[65,66,71],"pre",{"className":67,"code":69,"language":70},[68],"language-text","sudo systemctl try-restart cups\n","text",[31,72,69],{"__ignoreMap":73},"",[10,75,76,77,79,80,83,84,87,88,90,91,93],{},"另：由于 ",[31,78,49],{}," 软件包在实践中用途有限，并且无法彻底修复与之相关的安全漏洞，软件包 ",[31,81,82],{},"cups-filters"," 版本 ",[31,85,86],{},"2.0.0-2"," 已不再推荐安装 ",[31,89,49],{},"，推荐无需相关功能的用户主动卸载 ",[31,92,49],{}," 软件包。",{"title":73,"searchDepth":95,"depth":95,"links":96},2,[],[98],"advisories","2024-09-27T02:00:00.000Z","北京时间今日凌晨，安全研究员 evilsocket 披露了与 CUPS 等软件包相关的四个安全漏洞，CVSS 3.1 评分最高达到 9.1。","md",false,true,{},"/news/2024-09-27-cups-0day-advisory",{"title":5,"description":100},"news/2024-09-27-cups-0day-advisory","R0dK69LG5Zwj1KycXWYGfOAvB2Y1ZkTEPFNlftlaGCA",1773742824887]