ALP-pool/cups
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
73ab5722ab
cups/cups-2.4.2-CVE-2023-32360.patch

19 lines
1.1 KiB
Diff
Raw Blame History

--- conf/cupsd.conf.in.orig 2022-05-26 08:17:21.000000000 +0200
+++ conf/cupsd.conf.in 2023-09-20 13:39:53.316719260 +0200
@@ -68,7 +68,14 @@ IdleExitTimeout @EXIT_TIMEOUT@
Order deny,allow
</Limit>
- <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job>
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+
+ # Require authentication for CUPS-Get-Document otherwise unauthenticated users could access print job documents:
+ <Limit CUPS-Get-Document>
+ AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
Reference in New Issue View Git Blame Copy Permalink