Urgent SUSE Linux security update: Patch the critical CVE-2024-47175 vulnerability in cups-filters (CVSS 9.3). This flaw allows remote code execution & system compromise. Learn which versions are affected & get the patch commands now to secure your enterprise systems.
A newly disclosed, high-severity security flaw threatens the integrity of countless SUSE Linux Enterprise and openSUSE systems. Designated as CVE-2024-47175, this critical vulnerability resides within the ubiquitous cups-filters package, a core component responsible for managing print jobs.
With a staggering CVSS v4.0 score of 9.3 ("Critical") as assessed by SUSE, this weakness presents a severe remote code execution risk, potentially allowing attackers to gain complete control over affected systems without any user interaction.
This immediate security advisory provides a comprehensive analysis of the threat, lists all impacted products, and delivers the essential commands to mitigate this pressing risk.
Understanding the CVE-2024-47175 cups-filters Vulnerability
At its core, CVE-2024-47175 is an input validation vulnerability. The specific function ppdCreatePPDFromIPP2 fails to properly sanitize International Printing Protocol (IPP) attributes before writing them to a temporary PostScript Printer Description (PPD) file.
This lack of sanitization creates a dangerous opportunity for arbitrary data injection.
In practical terms, what does this mean for system administrators? A remote, unauthenticated attacker could exploit this flaw by sending a specially crafted print job or IPP request to a vulnerable system.
This malicious data would be written directly into the PPD file. When this file is processed, the injected code could execute with the privileges of the cups service, leading to a full-scale system compromise, data theft, or the installation of persistent malware.
The fact that this attack can be launched over the network with no authentication (AV:N/AC:L/PR:N/UI:N) significantly amplifies its threat level, making prompt patching an absolute necessity.
Affected SUSE Linux Products and Versions
The scope of this vulnerability is extensive, impacting a wide array of SUSE's enterprise-grade and community distributions. System administrators must urgently check if their infrastructure includes any of the following affected products:
SUSE Linux Enterprise Server: Versions 15 SP3, SP4, SP5, SP6, SP7 (including LTSS variants)
SUSE Linux Enterprise Desktop: Versions 15 SP6 and SP7
SUSE Linux Enterprise for SAP Applications: Versions 15 SP3, SP4, SP5, SP6, SP7
SUSE Manager Suite: Proxy, Retail Branch Server, and Server versions 4.3 (including LTS)
SUSE Enterprise Storage: Version 7.1
SUSE Linux Enterprise High Performance Computing (HPC): Multiple SP versions, including LTSS and ESPOS
openSUSE Leap: Version 15.6
Basesystem Module: Versions 15-SP6 and 15-SP7
This comprehensive list underscores the vulnerability's widespread impact across SUSE's ecosystem. The inclusion of Long-Term Service Pack Support (LTSS) and Extended Support Pack Support (ESPOS) variants highlights the risk to systems maintained for extended lifecycles, which are often critical to enterprise infrastructure.
Immediate Patch Instructions and Mitigation
SUSE has released an urgent update that addresses this critical vulnerability. The recommended method for applying this patch is through your standard system management tools, such as YaST online_update or the zypper package manager.
For administrators who require precise command-line control, execute the following command specific to your product to install the security patch immediately:
Example Patch Commands for Major Products:
SUSE Linux Enterprise Server 15 SP4 LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3225=1SUSE Linux Enterprise Server for SAP Applications 15 SP5:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3225=1openSUSE Leap 15.6:
zypper in -t patch openSUSE-SLE-15.6-2025-3225=1SUSE Manager Server 4.3 LTS:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3225=1
Following the patch application, it is considered a cybersecurity best practice to restart the CUPS service or the affected servers to ensure the updated cups-filters library is loaded into memory.
The Critical Importance of Proactive Linux Security Patching
Why should this vulnerability be at the top of every IT department's priority list? Beyond the obvious technical risk, flaws like CVE-2024-47175 directly target the backbone of modern business operations—server infrastructure.
A breach through this vector could lead to significant operational downtime, compliance failures under regulations like GDPR or HIPAA, and immense reputational damage.
This incident serves as a potent reminder of the shared responsibility model in open-source software. While vendors like SUSE are exceptionally agile in creating and distributing fixes, the onus of deployment and implementation falls on internal IT teams.
Establishing a robust, timely patch management protocol is not merely an IT task; it is a fundamental business continuity requirement. Proactive security hardening, including network segmentation to restrict access to print services, can further reduce the attack surface for such vulnerabilities.
Frequently Asked Questions (FAQ)
Q1: What is the cups-filters package, and is it critical?
A: The cups-filters package contains critical backends, filters, and other software required by the Common UNIX Printing System (CUPS) to function correctly. It processes print jobs and converts them into formats printers can understand. A vulnerability here compromises the entire printing subsystem, which can be a gateway to the wider system.
Q2: Can this vulnerability be exploited remotely?
A: Yes. The CVSS score indicates the attack vector is Network (AV:N), meaning it can be exploited over a local or wide-area network without physical access to the vulnerable system.
Q3: My system is listed but I don't use printing. Am I still vulnerable?
A: Potentially, yes. If the CUPS service is installed and running, even on a server that isn't used as a print server, it could present an attack surface. It is best practice to either patch the package or remove the service if it is entirely unused.
Q4: Where can I find official references for this CVE?
A: You can always find authoritative information on the SUSE security portal and their bug tracking system (bugzilla.suse.com, references bsc#1230932, bsc#1246533).
Conclusion: The CVE-2024-47175 vulnerability is a stark reminder of the persistent threats facing enterprise IT environments. The high CVSS score and the potential for remote system compromise leave no room for delay.
By taking immediate action to identify affected systems within your infrastructure and applying the provided SUSE patches, you can swiftly close this security gap and protect your critical assets from potential exploitation. Review your systems now and prioritize this update.
Nenhum comentário:
Postar um comentário