SUSE-SU-2018:2162-1

Published: 01 Aug 2018
Source: suse-cvrf

Description

Security update for cups

This update for cups fixes the following issues:

The following security vulnerabilities were fixed:

  • CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that was causing the DBUS library to abort the calling process. (bsc#1061066 bsc#1087018)
  • Fixed a local privilege escalation to root and sandbox bypasses in the scheduler
  • CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405)
  • CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406)
  • CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407)
  • CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408)

The following other issue was fixed:

  • Fixed authorization check for clients (like samba) connected through the local socket when Kerberos authentication is enabled (bsc#1050082)

Package list

SUSE Linux Enterprise Desktop 12 SP3
cups-1.7.5-20.14.1
cups-client-1.7.5-20.14.1
cups-libs-1.7.5-20.14.1
cups-libs-32bit-1.7.5-20.14.1
SUSE Linux Enterprise Server 12 SP3
cups-1.7.5-20.14.1
cups-client-1.7.5-20.14.1
cups-libs-1.7.5-20.14.1
cups-libs-32bit-1.7.5-20.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
cups-1.7.5-20.14.1
cups-client-1.7.5-20.14.1
cups-libs-1.7.5-20.14.1
cups-libs-32bit-1.7.5-20.14.1
SUSE Linux Enterprise Software Development Kit 12 SP3
cups-ddk-1.7.5-20.14.1
cups-devel-1.7.5-20.14.1

Description

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1

Description

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1

Description

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1

Description

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1

Description

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.


Affected products
SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1
SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1

References
Vulnerability SUSE-SU-2018:2162-1