This bug was fixed in the package cups - 2.4.12-0ubuntu5
---------------
cups (2.4.12-0ubuntu5) resolute; urgency=medium
* SECURITY UPDATE: Slow client communication leads to a possible DoS
attack
- debian/patches/CVE-2025-58436-1.patch: fix unresponsive cupsd process
caused by a slow client in cups/http-private.h, cups/http.c,
cups/tls-openssl.c, scheduler/client.c, scheduler/client.h,
scheduler/select.c.
- debian/patches/CVE-2025-58436-2.patch: fix an infinite loop issue in
GTK+ in cups/http.c.
- CVE-2025-58436
* SECURITY REGRESSION: issue with invalid configuration (LP: #2133207)
- debian/patches/lp2133207.patch: fix stopping scheduler on unknown
directive in scheduler/conf.c.
-- Marc Deslauriers <[email protected]> Thu, 04 Dec 2025
11:25:07 -0500
** Changed in: cups (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2133207
Title:
cups security update causes issues with invalid config file
To manage notifications about this bug go to:
https://bugs.launchpad.net/cups/+bug/2133207/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
