Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

Mageia 9 cups Critical Authorization Bypass Allows Remote Code Execution

mageia
Calendar Grey June 12, 2026
Dist Mageia Esm H88
Mageia 9 cups security advisory addressing critical vulnerabilities for protection against exploits and unauthorized access.
Security update

Summary

Description: CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported` CVE-2026-39316, Use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer CVE-2026-34978, Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) CVE-2026-34979, Heap overflow in `get_options()` CVE-2026-34980, Shared PostScript queue lets anonymous Print-Job requests reach `lp`code execution over the network CVE-2026-34990, Local print admin token disclosure using temporary printers. Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users. Out-of-bounds heap read in cupsdSetPrinterAttr marker-types parsing

References

- https://bugs.mageia.org/show_bug.cgi?id=35355

- https://www.openwall.com/lists/oss-security/2026/04/08/2

- https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9

- https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr

- https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh

- https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7

- https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg

- https://github.com/OpenPrinting/cups/security/advisories/GHSA-qfp8-9frx-5j48

- https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf

- https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp

- https://www.openwall.com/lists/oss-security/2026/04/17/11

- https://www.cve.org/CVERecord?id=CVE-2026-27447

- https://www.cve.org/CVERecord?id=CVE-2026-39314

- https://www.cve.org/CVERecord?id=CVE-2026-39316

- https://www.cve.org/CVERecord?id=CVE-2026-34978

- https://www.cve.org/CVERecord?id=CVE-2026-34979

- https://www.cve.org/CVERecord?id=CVE-2026-34980

- https://www.cve.org/CVERecord?id=CVE-2026-34990

Topics%20covered

Topics Covered

security advisory important heap overflow cups authorization bypass Mageia

Resolution

SRPMS

- 9/core/cups-2.4.6-1.10.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 12 Jun 2026
URL: https://advisories.mageia.org/MGASA-2026-0201.html
Type: security
CVE: CVE-2026-27447, CVE-2026-39314, CVE-2026-39316, CVE-2026-34978, CVE-2026-34979, CVE-2026-34980, CVE-2026-34990

Topics%20covered

Topics Covered

security advisory important heap overflow cups authorization bypass Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here