Amazon Linux 2 Security Advisory: ALAS2-2025-3028
Advisory Released Date: 2025-10-14
Advisory Updated Date: 2025-10-14
A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration. (CVE-2025-58060)
Affected Packages:
cups
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update cups or yum update --advisory ALAS2-2025-3028 to update your system.
aarch64:
cups-1.6.3-51.amzn2.0.7.aarch64
cups-client-1.6.3-51.amzn2.0.7.aarch64
cups-devel-1.6.3-51.amzn2.0.7.aarch64
cups-libs-1.6.3-51.amzn2.0.7.aarch64
cups-lpd-1.6.3-51.amzn2.0.7.aarch64
cups-ipptool-1.6.3-51.amzn2.0.7.aarch64
cups-debuginfo-1.6.3-51.amzn2.0.7.aarch64
i686:
cups-1.6.3-51.amzn2.0.7.i686
cups-client-1.6.3-51.amzn2.0.7.i686
cups-devel-1.6.3-51.amzn2.0.7.i686
cups-libs-1.6.3-51.amzn2.0.7.i686
cups-lpd-1.6.3-51.amzn2.0.7.i686
cups-ipptool-1.6.3-51.amzn2.0.7.i686
cups-debuginfo-1.6.3-51.amzn2.0.7.i686
noarch:
cups-filesystem-1.6.3-51.amzn2.0.7.noarch
src:
cups-1.6.3-51.amzn2.0.7.src
x86_64:
cups-1.6.3-51.amzn2.0.7.x86_64
cups-client-1.6.3-51.amzn2.0.7.x86_64
cups-devel-1.6.3-51.amzn2.0.7.x86_64
cups-libs-1.6.3-51.amzn2.0.7.x86_64
cups-lpd-1.6.3-51.amzn2.0.7.x86_64
cups-ipptool-1.6.3-51.amzn2.0.7.x86_64
cups-debuginfo-1.6.3-51.amzn2.0.7.x86_64