Bug 47570 - cups: Multiple issues (4.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.2
Hardware: All Linux
Importance: P3 normal
Target Milestone: UCS 4.2-4-errata
Assigned To: Quality Assurance
Philipp Hahn
Blocks: 48437
Reported: 2018-08-10 17:52 CEST by Quality Assurance
Modified: 2019-01-08 12:09 CET
What kind of report is it?: Security Issue
Max CVSS v3 score: 7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)


Description Quality Assurance univentionstaff 2018-08-10 17:52:12 CEST
New Debian cups 1.7.5-11+deb8u4A~4.2.4.201808101752 fixes:
This update addresses the following issues:
CVE-2014-8166 is open
* A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). (CVE-2017-18190)
* The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. (CVE-2017-18248)
CVE-2018-4180 is resolved
CVE-2018-4181 is resolved
CVE-2018-6553 is resolved

1.7.5-11+deb8u4 (Fri, 13 Jul 2018 13:05:13 +0200)
* Non-maintainer upload by the LTS team.
* CVE-2018-4180: Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
  CVE-2018-4181: Limited Local File Reads as Root via cupsd.conf Include Directive
  - Backported patch taken from Ubuntu.
* CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links

1.7.5-11+deb8u3 (Thu, 07 Jun 2018 09:23:48 -0400)
* Non-maintainer upload by the Security Team.
* CVE-2017-18190: fix remote code execution through DNS rebinding
* CVE-2017-18248: fix remote crash through invalid username

* CVE-2017-18248 cups: Invalid usernames handled in scheduler/ipp.c:add_job() allow remote attackers to cause a denial of service (CVE-2017-18248)
* CVE-2018-4180 cups: Local privilege escalation to root due to insecure environment variable handling (CVE-2018-4180)
* CVE-2018-4181 cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root (CVE-2018-4181)
* CVE-2018-6553 cups: AppArmor cupsd Sandbox Bypass Due to Use of Hard Links (CVE-2018-6553)
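
The Host-header allowlist issue described for CVE-2017-18190 above, as an added example that is not part of the original report and is not CUPS source code: a simplified model of such a check with and without the `localhost.localdomain` entry. The function names `host_allowed_before`, `host_allowed_after` and the helpers are hypothetical, and the sample header is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Length of the host part of a Host header value: no ":port", no trailing dot. */
static size_t host_part_len(const char *h)
{
    if (h[0] == '[') {                  /* IPv6 literal: keep through ']' */
        const char *end = strchr(h, ']');
        return end ? (size_t)(end - h) + 1 : 0;
    }
    size_t n = strcspn(h, ":");         /* drop ":port" */
    if (n > 0 && h[n - 1] == '.') n--;  /* "localhost." names the same host */
    return n;
}

/* Case-insensitive exact match against a NULL-terminated list of lowercase names. */
static int matches_any(const char *h, const char *const *names)
{
    size_t n = host_part_len(h);
    for (; n > 0 && *names; names++) {
        size_t i = 0;
        while (i < n && (*names)[i] && tolower((unsigned char)h[i]) == (*names)[i])
            i++;
        if (i == n && (*names)[n] == '\0') return 1;
    }
    return 0;
}

/* Before: the list holds a name that is often resolved via a DNS server. */
int host_allowed_before(const char *host_header)
{
    static const char *const names[] = {
        "localhost", "localhost.localdomain", "127.0.0.1", "[::1]", NULL };
    return matches_any(host_header, names);
}

/* After: only the loopback name and address literals remain (hypothetical list). */
int host_allowed_after(const char *host_header)
{
    static const char *const names[] = { "localhost", "127.0.0.1", "[::1]", NULL };
    return matches_any(host_header, names);
}

int main(void)
{
    const char *h = "localhost.localdomain:631";    /* constructed sample */
    printf("%s before=%d after=%d\n", h, host_allowed_before(h), host_allowed_after(h));
    return 0;
}
```
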
Comment 1 Quality Assurance univentionstaff 2018-08-10 18:53:48 CEST
--- mirror/ftp/4.2/unmaintained/4.2-4/source/cups_1.7.5-11+deb8u2A~4.2.4.201805071556.dsc
+++ apt/ucs_4.2-0-errata4.2-4/source/cups_1.7.5-11+deb8u4A~4.2.4.201808101752.dsc
@@ -1,4 +1,4 @@
-1.7.5-11+deb8u2A~4.2.4.201805071556 [Mon, 07 May 2018 15:56:46 +0200] Univention builddaemon <buildd@univention.de>:
+1.7.5-11+deb8u4A~4.2.4.201808101752 [Fri, 10 Aug 2018 17:52:31 +0200] Univention builddaemon <buildd@univention.de>:
 
   * UCS auto build. The following patches have been applied to the original source package
     00-autostart-setting
@@ -8,6 +8,20 @@
     11_cups-disable-test
     15_postponed-univention-lpadmin-systemd
 
+1.7.5-11+deb8u4 [Fri, 13 Jul 2018 13:05:13 +0200] Emilio Pozuelo Monfort <pochu@debian.org>:
+
+  * Non-maintainer upload by the LTS team.
+  * CVE-2018-4180: Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
+    CVE-2018-4181: Limited Local File Reads as Root via cupsd.conf Include Directive
+    - Backported patch taken from Ubuntu.
+  * CVE-2018-6553: Fix AppArmor cupsd sandbox bypass due to use of hard links
+
+1.7.5-11+deb8u3 [Thu, 07 Jun 2018 09:23:48 -0400] Antoine Beaupré <anarcat@debian.org>:
+
+  * Non-maintainer upload by the Security Team.
+  * CVE-2017-18190: fix remote code execution through DNS rebinding
+  * CVE-2017-18248: fix remote crash through invalid username
+
 1.7.5-11+deb8u2 [Fri, 21 Jul 2017 14:09:44 +0200] Didier Raboud <odyx@debian.org>:
 
   * Disable SSLv3 and RC4 by default to address POODLE vulnerability
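
Review bot: In the added 1.7.5-11+deb8u4 entry, CVE-2018-4181 sits as a continuation line under the CVE-2018-4180 bullet instead of having its own `*` item, so the "Backported patch taken from Ubuntu" sub-item does not say whether it covers one CVE or both, and a bullet-by-bullet reading of the two new entries yields four CVE items rather than five. Suggest giving CVE-2018-4181 its own bullet, or wording the sub-item so it names both CVEs. The added entries also say nothing about CVE-2014-8166, which the description lists as open, so that status has to be carried in the errata text because this changelog will not show it.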

<http://10.200.17.11/4.2-4/#8662698088083549808>
Comment 2 Philipp Hahn univentionstaff 2018-08-10 19:39:35 CEST
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.2-4] a096720ee7 Bug #47570: cups 1.7.5-11+deb8u4A~4.2.4.201808101752
 doc/errata/staging/cups.yaml | 22 +++++++---------------
 1 file changed, 7 insertions(+), 15 deletions(-)

[4.2-4] 3009ee16dd Bug #47570: cups 1.7.5-11+deb8u4A~4.2.4.201808101752
 doc/errata/staging/cups.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
Comment 3 Arvid Requate univentionstaff 2018-08-15 16:20:55 CEST
<http://errata.software-univention.de/ucs/4.2/443.html>