Ubuntu CUPS High Risk Denial of Service Code Execution 2026-27447

ubuntu

June 8, 2026

Several security issues were fixed in CUPS.

Summary

Several security issues were fixed in CUPS.

Software Description:

- cups: Common UNIX Printing System(tm)

Details:

Ariel Silver discovered that CUPS incorrectly handled username comparisons

during authorization checks. A local attacker could possibly use this issue

to gain unauthorized access to restricted operations. (CVE-2026-27447)

Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled

notify-recipient-uri values in the RSS notifier. A remote attacker could

possibly use this issue to overwrite lp-writable files and cause a denial

of service. (CVE-2026-34978)

Jacob Newman discovered that CUPS incorrectly handled filter option strings

when processing job attributes. An attacker could use this issue to cause

CUPS to crash, resulting in a denial of service, or possibly execute

arbitrary code. (CVE-2026-34979)

Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled

page-border values in shared PostScript queues. A remote attacker could

possibly use this i...

Read the Full Advisory

Topics Covered

security advisory denial of service code execution Ubuntu cups local attacker

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  cups                            2.4.16-1ubuntu1.2
  cups-daemon                     2.4.16-1ubuntu1.2

Ubuntu 25.10
  cups                            2.4.12-0ubuntu3.9
  cups-daemon                     2.4.12-0ubuntu3.9

Ubuntu 24.04 LTS
  cups                            2.4.7-1.2ubuntu7.13
  cups-daemon                     2.4.7-1.2ubuntu7.13

Ubuntu 22.04 LTS
  cups                            2.4.1op1-1ubuntu4.20
  cups-daemon                     2.4.1op1-1ubuntu4.20

In general, a standard system update will make all the necessary changes.