| Errata ID | 443 |
|---|---|
| Date | 2018-08-15 |
| Source package | cups |
| Fixed in version | 1.7.5-11+deb8u4A~4.2.4.201808101752 |
| Description | This update addresses the following issues: * Invalid usernames handled in scheduler/ipp.c:add_job() allow remote attackers to cause a denial of service (CVE-2017-18248) * Local privilege escalation to root due to insecure environment variable handling (CVE-2018-4180) * Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root (CVE-2018-4181) * AppArmor cupsd Sandbox Bypass Due to Use of Hard Links (CVE-2018-6553) |
| Additional notes | |
| CVE ID | CVE-2017-18248 CVE-2018-4180 CVE-2018-4181 CVE-2018-6553 |
| UCS Bug number | #47570 |
