[ubuntu/questing-security] cups 2.4.12-0ubuntu3.5 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Dec 4 15:56:17 UTC 2025
cups (2.4.12-0ubuntu3.5) questing-security; urgency=medium
* SECURITY UPDATE: Slow client communication leads to a possible DoS
attack
- debian/patches/CVE-2025-58436-1.patch: fix unresponsive cupsd process
caused by a slow client in cups/http-private.h, cups/http.c,
cups/tls-openssl.c, scheduler/client.c, scheduler/client.h,
scheduler/select.c.
- debian/patches/CVE-2025-58436-2.patch: fix an infinite loop issue in
GTK+ in cups/http.c.
- CVE-2025-58436
* SECURITY REGRESSION: issue with invalid configuration (LP: #2133207)
- debian/patches/lp2133207.patch: fix stopping scheduler on unknown
directive in scheduler/conf.c.
Date: 2025-12-04 12:27:12.212934+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu3.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list