What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for cups
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2162-1
Rating:             moderate
References:         #1050082 #1061066 #1087018 #1096405 #1096406 
                    #1096407 #1096408 
Cross-References:   CVE-2017-18248 CVE-2018-4180 CVE-2018-4181
                    CVE-2018-4182 CVE-2018-4183
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Desktop 12-SP3
______________________________________________________________________________

   An update that solves 5 vulnerabilities and has two fixes
   is now available.

Description:

   This update for cups fixes the following issues:

   The following security vulnerabilities were fixed:

   - CVE-2017-18248: Handle invalid characters properly in printing jobs.
     This fixes a problem that was causing the DBUS library to abort the
     calling process. (bsc#1061066 bsc#1087018)
   - Fixed a local privilege escalation to root and sandbox bypasses in the
     scheduler
   - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd
     backend (bsc#1096405)
   - CVE-2018-4181: Limited local file reads as root via cupsd.conf include
     directive (bsc#1096406)
   - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling
     (bsc#1096407)
   - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration
     (bsc#1096408)

   The following other issue was fixed:

   - Fixed authorization check for clients (like samba) connected through the
     local socket when Kerberos authentication is enabled (bsc#1050082)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1471=1

   - SUSE Linux Enterprise Server 12-SP3:

      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1471=1

   - SUSE Linux Enterprise Desktop 12-SP3:

      zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1471=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      cups-ddk-1.7.5-20.14.1
      cups-ddk-debuginfo-1.7.5-20.14.1
      cups-debuginfo-1.7.5-20.14.1
      cups-debugsource-1.7.5-20.14.1
      cups-devel-1.7.5-20.14.1

   - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):

      cups-1.7.5-20.14.1
      cups-client-1.7.5-20.14.1
      cups-client-debuginfo-1.7.5-20.14.1
      cups-debuginfo-1.7.5-20.14.1
      cups-debugsource-1.7.5-20.14.1
      cups-libs-1.7.5-20.14.1
      cups-libs-debuginfo-1.7.5-20.14.1

   - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64):

      cups-libs-32bit-1.7.5-20.14.1
      cups-libs-debuginfo-32bit-1.7.5-20.14.1

   - SUSE Linux Enterprise Desktop 12-SP3 (x86_64):

      cups-1.7.5-20.14.1
      cups-client-1.7.5-20.14.1
      cups-client-debuginfo-1.7.5-20.14.1
      cups-debuginfo-1.7.5-20.14.1
      cups-debugsource-1.7.5-20.14.1
      cups-libs-1.7.5-20.14.1
      cups-libs-32bit-1.7.5-20.14.1
      cups-libs-debuginfo-1.7.5-20.14.1
      cups-libs-debuginfo-32bit-1.7.5-20.14.1


References:

   https://www.suse.com/security/cve/CVE-2017-18248.html
   https://www.suse.com/security/cve/CVE-2018-4180.html
   https://www.suse.com/security/cve/CVE-2018-4181.html
   https://www.suse.com/security/cve/CVE-2018-4182.html
   https://www.suse.com/security/cve/CVE-2018-4183.html
   https://bugzilla.suse.com/1050082
   https://bugzilla.suse.com/1061066
   https://bugzilla.suse.com/1087018
   https://bugzilla.suse.com/1096405
   https://bugzilla.suse.com/1096406
   https://bugzilla.suse.com/1096407
   https://bugzilla.suse.com/1096408

SUSE: 2018:2162-1 moderate: cups

August 1, 2018
An update that solves 5 vulnerabilities and has two fixes is now available

Summary

This update for cups fixes the following issues: The following security vulnerabilities were fixed: - CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that was causing the DBUS library to abort the calling process. (bsc#1061066 bsc#1087018) - Fixed a local privilege escalation to root and sandbox bypasses in the scheduler - CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405) - CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406) - CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407) - CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408) The following other issue was fixed: - Fixed authorization check for clients (like samba) connected through the local socket when Kerberos authentication is enabled (bsc#1050082) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1471=1 - SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1471=1 - SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-1471=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): cups-ddk-1.7.5-20.14.1 cups-ddk-debuginfo-1.7.5-20.14.1 cups-debuginfo-1.7.5-20.14.1 cups-debugsource-1.7.5-20.14.1 cups-devel-1.7.5-20.14.1 - SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64): cups-1.7.5-20.14.1 cups-client-1.7.5-20.14.1 cups-client-debuginfo-1.7.5-20.14.1 cups-debuginfo-1.7.5-20.14.1 cups-debugsource-1.7.5-20.14.1 cups-libs-1.7.5-20.14.1 cups-libs-debuginfo-1.7.5-20.14.1 - SUSE Linux Enterprise Server 12-SP3 (s390x x86_64): cups-libs-32bit-1.7.5-20.14.1 cups-libs-debuginfo-32bit-1.7.5-20.14.1 - SUSE Linux Enterprise Desktop 12-SP3 (x86_64): cups-1.7.5-20.14.1 cups-client-1.7.5-20.14.1 cups-client-debuginfo-1.7.5-20.14.1 cups-debuginfo-1.7.5-20.14.1 cups-debugsource-1.7.5-20.14.1 cups-libs-1.7.5-20.14.1 cups-libs-32bit-1.7.5-20.14.1 cups-libs-debuginfo-1.7.5-20.14.1 cups-libs-debuginfo-32bit-1.7.5-20.14.1

References

#1050082 #1061066 #1087018 #1096405 #1096406

#1096407 #1096408

Cross- CVE-2017-18248 CVE-2018-4180 CVE-2018-4181

CVE-2018-4182 CVE-2018-4183

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

SUSE Linux Enterprise Server 12-SP3

SUSE Linux Enterprise Desktop 12-SP3

https://www.suse.com/security/cve/CVE-2017-18248.html

https://www.suse.com/security/cve/CVE-2018-4180.html

https://www.suse.com/security/cve/CVE-2018-4181.html

https://www.suse.com/security/cve/CVE-2018-4182.html

https://www.suse.com/security/cve/CVE-2018-4183.html

https://bugzilla.suse.com/1050082

https://bugzilla.suse.com/1061066

https://bugzilla.suse.com/1087018

https://bugzilla.suse.com/1096405

https://bugzilla.suse.com/1096406

https://bugzilla.suse.com/1096407

https://bugzilla.suse.com/1096408

Severity
Announcement ID: SUSE-SU-2018:2162-1
Rating: moderate

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo