| Errata ID | 149 |
|---|---|
| Date | 2018-07-18 |
| Source package | cups |
| Fixed in version | 2.2.1-8+deb9u2A~4.3.0.201807161612 |
| Description | This update addresses the following issues: * Restrict IPP Everywhere filters to only list supported PDLs to fix CRLF and code injection in printer zeroconfig (CVE-2017-15400) * Fix AppArmor cupsd sandbox bypass due to use of hard links (CVE-2018-6553) * Local privilege escalation to root in dnssd backend (CUPS_SERVERBIN) (CVE-2018-4180) * Limited local file reads as root via cupsd.conf include directive (CVE-2018-4181) * cups-exec sandbox bypass due to insecure error handling (CVE-2018-4182) * cups-exec sandbox bypass due to profile misconfiguration (CVE-2018-4183) |
| Additional notes | |
| CVE ID | CVE-2017-15400 CVE-2018-4180 CVE-2018-4181 CVE-2018-4182 CVE-2018-4183 CVE-2018-6553 |
| UCS Bug number | #47354 |
