| Errata ID | 431 |
|---|---|
| Date | 2019-02-27 |
| Source package | cups |
| Fixed in version | 2.2.1-8+deb9u3A~4.3.3.201902261122 |
| Description | This update addresses the following issues: * Invalid usernames handled in scheduler/ipp.c:add_job() allow remote attackers to cause a denial of service (CVE-2017-18248) * Predictable session cookie breaks CSRF protection (CVE-2018-4700) |
| Additional notes | |
| CVE ID | CVE-2017-18248 CVE-2018-4700 |
| UCS Bug number | #48772 |
