openSUSE-SU-2018:2239-1

Published: 07 Aug 2018
Source: suse-cvrf

Description

Security update for cups

This update for cups fixes the following issues:

The following security vulnerabilities were fixed:

  • CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that was causing the DBUS library to abort the calling process. (bsc#1061066 bsc#1087018)
  • Fixed a local privilege escalation to root and sandbox bypasses in the scheduler
  • CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405)
  • CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406)
  • CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407)
  • CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408)

The following other issue was fixed:

  • Fixed authorization check for clients (like samba) connected through the local socket when Kerberos authentication is enabled (bsc#1050082)

This update was imported from the SUSE:SLE-12:Update update project.

Package list

openSUSE Leap 42.3
cups-1.7.5-12.6.1
cups-client-1.7.5-12.6.1
cups-ddk-1.7.5-12.6.1
cups-devel-1.7.5-12.6.1
cups-libs-1.7.5-12.6.1
cups-libs-32bit-1.7.5-12.6.1

Description

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.


Affected products
openSUSE Leap 42.3:cups-1.7.5-12.6.1
openSUSE Leap 42.3:cups-client-1.7.5-12.6.1
openSUSE Leap 42.3:cups-ddk-1.7.5-12.6.1
openSUSE Leap 42.3:cups-devel-1.7.5-12.6.1


Description

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.


Affected products
openSUSE Leap 42.3:cups-1.7.5-12.6.1
openSUSE Leap 42.3:cups-client-1.7.5-12.6.1
openSUSE Leap 42.3:cups-ddk-1.7.5-12.6.1
openSUSE Leap 42.3:cups-devel-1.7.5-12.6.1


Description

In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.


Affected products
openSUSE Leap 42.3:cups-1.7.5-12.6.1
openSUSE Leap 42.3:cups-client-1.7.5-12.6.1
openSUSE Leap 42.3:cups-ddk-1.7.5-12.6.1
openSUSE Leap 42.3:cups-devel-1.7.5-12.6.1


Description

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.


Affected products
openSUSE Leap 42.3:cups-1.7.5-12.6.1
openSUSE Leap 42.3:cups-client-1.7.5-12.6.1
openSUSE Leap 42.3:cups-ddk-1.7.5-12.6.1
openSUSE Leap 42.3:cups-devel-1.7.5-12.6.1


Description

In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.


Affected products
openSUSE Leap 42.3:cups-1.7.5-12.6.1
openSUSE Leap 42.3:cups-client-1.7.5-12.6.1
openSUSE Leap 42.3:cups-ddk-1.7.5-12.6.1
openSUSE Leap 42.3:cups-devel-1.7.5-12.6.1
