Hi, First, a workaround that is probably the "best" way to correct the problem, once effective after installation of "2.4.1op1-1ubuntu4.15" version for Jammy (or equivalent ones for other Ubuntu versions), is to install a fresh "/etc/cups/cupsd.conf".
During installation, the "cups-daemon" package installs a default "cupsd.conf" at "/usr/share/cups/cupsd.conf.default". So, the fix consists in using this file as "cupsd.conf". Check with your file manager that "/usr/share/cups/cupsd.conf.default" does exist. Once checked, in a terminal, enter the following code: [code] # stop cups service sudo systemctl stop cups # backup your existing cups sudo cp /etc/cups/cupsd.conf /etc/cups/cupsd.conf.bak # copy default cupsd.conf sudo cp /usr/share/cups/cupsd.conf.default /etc/cups/cupsd.conf # restart cups sudo systemctl restart cups # check cups status sudo systemctl status cups [/code] If a user had made changes in his "cupsd.conf" prior to update, he needs to compare "/etc/cups/cupsd.conf" and "/etc/cups/cupsd.conf.bak" (open them with a text editor). If necessary, edit the "cupsd.conf" with the changes. The advantage of this method is that it gives an uncorrupted "cupsd.conf", whatever the corrupted lines, and that it gives a fresh "cupsd.conf", in phase with the version of cups. Second, the future fix. "2.4.1op1-1ubuntu4.15" version and equivalents are a security fix that hardens the way cups functions by blocking it in case of syntax error. It has been done to prevent attack exploiting this weak way of functioning. And those versions have worked correctly, and blocked cups functioning when the syntax in "cupsd.conf" was incorrect. I don't agree with the proposal for a future fix to be more tolerant and just generate an error log when a syntax error is found. It would be more tolerant, yes, but less secure. What I propose is that, in the future versions of cups, during installation old "cupsd.conf" is saved, like are saved "printers.conf" (to "printers.conf.O) and "subscriptions.conf" (to "subscriptions.conf.O") and replaced by a copy of "/usr/share/cups/cupsd.conf.default". A warning could be displayed, saying that "cupsd.conf" has been replaced by the default one. Cups would keep its today way of functioning, blocking on syntax errors, and would stay secure. Regards, MN -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2133207 Title: cups security update causes issues with invalid config file To manage notifications about this bug go to: https://bugs.launchpad.net/cups/+bug/2133207/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
