|
cups (2.4.16-1ubuntu1.2) resolute-security; urgency=medium
* SECURITY UPDATE: authorization bypass vulnerability
- debian/patches/CVE-2026-27447-1.patch: The scheduler treated local user
and group names as case-insensitive. in scheduler/auth.c.
- debian/patches/CVE-2026-27447-2.patch: Fix cupsd crash if user does not
exist on server in scheduler/auth.c.
- debian/patches/CVE-2026-27447-3.patch: Fix unauthenticated print policies
(Issue #1557) in scheduler/auth.c.
- CVE-2026-27447
* SECURITY UPDATE: RSS notifier path traversal issue
- debian/patches/CVE-2026-34978.patch: Fix RSS notifier. in notifier/rss.c,
scheduler/ipp.c.
- CVE-2026-34978
* SECURITY UPDATE: heap overflow in building filter option strings
- debian/patches/CVE-2026-34979-1.patch: Expand allocation of options
string. in scheduler/job.c.
- debian/patches/CVE-2026-34979-2.patch: Fix get_options regression (Issue
#1532) in scheduler/job.c, test/5.5-lp.sh.
- CVE-2026-34979
* SECURITY UPDATE: embedded newline issue in print jobs
- debian/patches/CVE-2026-34980-1.patch: Filter out control characters from
option values. in scheduler/job.c.
- debian/patches/CVE-2026-34980-2.patch: Fix filter PPD keyword processing
(Issue #1562) in scheduler/job.c.
- CVE-2026-34980
* SECURITY UPDATE: incorrectly accepts local certificates over the
loopback interface
- debian/patches/CVE-2026-34990-1.patch: Don't allow local certificates over
the loopback interface, drop support for writing to plain files. in
cups/auth.c, scheduler/auth.c, scheduler/client.c, scheduler/ipp.c,
scheduler/job.c, test/4.2-cups-printer-ops.test, test/5.1-lpadmin.sh.
- debian/patches/CVE-2026-34990-2.patch: Fix builds against GSSAPI
(Kerberos) in cups/auth.c.
- CVE-2026-34990
* SECURITY UPDATE: integer underflow in _ppdCreateFromIPP()
- debian/patches/CVE-2026-39314.patch: Range check job-password-supported.
in cups/ppd-cache.c.
- CVE-2026-39314
* SECURITY UPDATE: use-after-free when temp printers are deleted
- debian/patches/CVE-2026-39316.patch: Expire per-printer subscriptions
before deleting. in scheduler/printers.c.
- CVE-2026-39316
* SECURITY UPDATE: OOB read via SNMP response
- debian/patches/CVE-2026-41079.patch: Limit num_bytes for SNMP string
values. in cups/snmp-private.h, cups/snmp.c.
- CVE-2026-41079
* Miscellaneous additional fixes:
- debian/patches/misc-fix-1.patch: Improve page header validation in
cupsRasterReadHeader in cups/raster-error.c, cups/raster-stream.c.
- debian/patches/misc-fix-2.patch: Protect against a driver reporting a
supply type with a trailing '-'. in scheduler/printers.c.
- debian/patches/misc-fix-3.patch: Range check cupsBytesPerLine in
rastertoepson. in filter/rastertoepson.c.
- debian/patches/misc-fix-4.patch: Sanity check HWResolution when writing
Apple Raster. in cups/raster-stream.c.
- debian/patches/misc-fix-5.patch: Protect against deep collection values
(Issue #1539) in cups/cups-private.h, cups/dest-options.c, cups/encode.c.
- debian/patches/misc-fix-6.patch: Update processing of LimitRequestBody,
MaxLogSize, and MaxRequestSize to support full range of file sizes in
scheduler/conf.c, scheduler/conf.h.
- debian/patches/misc-fix-6-2.patch: Fix builds on systems that don't define
OFF_MAX in scheduler/conf.c.
- debian/patches/misc-fix-7.patch: Fix blank line detection in rastertolabel
in filter/rastertolabel.c.
- debian/patches/misc-fix-8.patch: Add buffer size check from CUPS 2.5.x to
_ippFileReadToken (Issue #1542) in cups/ipp-file.c.
- debian/patches/misc-fix-9.patch: Fix regression in
cupsRasterRead/WriteHeader. in cups/raster-stream.c.
* debian/tests/utils/test-drivers: disable most tests since the security
update no longer accepts writing to files. Needs to be adapted. Taken
from 2.4.18-1.
-- Marc Deslauriers <email address hidden> Fri, 05 Jun 2026 09:14:36 -0400
|
| CVE-2026-27447 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd |
| CVE-2026-34978 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier a |
| CVE-2026-34979 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-ba |
| CVE-2026-34980 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-expos |
| CVE-2026-34990 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileg |
| CVE-2026-39314 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underfl |
| CVE-2026-39316 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free v |
| CVE-2026-41079 |
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can |
|
