Univention Bugzilla – Bug 47354
cups: Multiple issues (4.3)
Last modified: 2019-01-08 12:09:51 CET
New Debian cups 2.2.1-8+deb9u2A~4.3.1.201807161049 fixes:

This update addresses the following issue(s):
* CVE_2014-8166 is open
* Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. (CVE-2017-15400)
CVE_2017-18248 is open
CVE_2018-4180 is resolved
CVE_2018-4181 is resolved
CVE_2018-6553 is resolved

2.2.1-8+deb9u2 (Wed, 11 Jul 2018 11:29:27 +0200)
* CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links
* Backport upstream fixes for:
  - CVE-2018-4180 Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
  - CVE-2018-4181 Limited Local File Reads as Root via cupsd.conf Include Directive
  - CVE-2018-4182 cups-exec Sandbox Bypass Due to Insecure Error Handling
  - CVE-2018-4183 cups-exec Sandbox Bypass Due to Profile Misconfiguration
  - CVE-2017-15400: Restrict IPP Everywhere filters to only list supported PDLs to fix CRLF and Code Injection in Printer Zeroconfig
Package imported and built. d60ba66ec8 | Advisory
piuparts check successful: http://10.200.17.11/4.3-1/#3797211375248925227
[4.3-1 19a1487915] Bug #47354: fix YAML

piuparts -> OK
YAML -> OK
<http://errata.software-univention.de/ucs/4.3/149.html>