Hi,
I do not typically use a Linux O.S. But I have it on a Raspberry Pi where I have bitcoin core running.
I logged in to my Raspberry Pi for the first time in about a year and fired up bitcoin core. After several seconds, I realized I hadn't updated the software first. It was about 1% into doing whatever it does (not downloading the blockchain, but the initial preparations when it first fires up, whatever that is. Don't remember).
Anyway, I did the update and upgrade and I got this message:I checked the cupsd.conf file and these are the only sections with CUPS-Get-Document:
1. What do I need to do here to make the system secure?
2. Did connecting Bitcoin Core for such a short time potentially compromise me in any way due to this bug?
Thank you!
I do not typically use a Linux O.S. But I have it on a Raspberry Pi where I have bitcoin core running.
I logged in to my Raspberry Pi for the first time in about a year and fired up bitcoin core. After several seconds, I realized I hadn't updated the software first. It was about 1% into doing whatever it does (not downloading the blockchain, but the initial preparations when it first fires up, whatever that is. Don't remember).
Anyway, I did the update and upgrade and I got this message:
Code:
apt-listchanges: Newscups (2.3.3op2-3+deb11u4) bullseye; urgency=mediumThis release addresses a security issue (CVE-2023-32360) which allows unauthorized users to fetch documents over local or remote networks.Since this is a configuration fix, it might be that it does not reach you if you are updating 'cups-daemon' (rather than doing a fresh installation).Please double check your /etc/cups/cupsd.conf file, whether it limits the accessto CUPS-Get-Document with something like the following> <Limit CUPS-Get-Document>> AuthType Default> Require user @OWNER @SYSTEM> Order deny, allow> </Limit>(The important line is the 'AuthType Default' in this section)-- Thorsten Alteholz ‹debian@alteholz.de> Tue, 19 Sep 2023 21:20:27 +0200Code:
# Job-related operations must be done by the owner or an administrator...<Limit Create-Job Print-Job Print-URI Validate-Job> Order deny, allow</Limit><Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-JobCancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> Require user @OWNER @SYSTEM Order deny, allow</Limit>Code:
# Job-related operations must be done by the owner or an administrator...<Limit Create-Job Print-Job Print-URI Validate-Job> AuthType Default Order deny, allow</Limit><Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-JobCancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> AuthType Default Require user @OWNER @SYSTEM Order deny, allow</Limit>2. Did connecting Bitcoin Core for such a short time potentially compromise me in any way due to this bug?
Thank you!
Statistics: Posted by slipnslide — 2024-08-11 15:35 — Replies 1 — Views 22