Explore top 10 tips to secure your open-source projects now. Read More
×Moderate: cups security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39302", "synopsis": "Moderate: cups security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for cups.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.\n\nSecurity Fix(es):\n\n* cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network (CVE-2026-34980)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2454954", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2454954", "description": ""}], "cves": [{"name": "CVE-2026-34980", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980", "cvss3ScoringVector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "cvss3BaseScore": "6.4", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-07-15T12:06:01.640959Z", "rpms": {"Rocky Linux 10": {"nvras": ["cups-debuginfo-1:2.4.10-18.el10_2.s390x.rpm", "cups-lpd-1:2.4.10-18.el10_2.x86_64.rpm", "cups-libs-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-client-debuginfo-1:2.4.10-18.el10_2.x86_64.rpm", "cups-printerapp-debuginfo-1:2.4.10-18.el10_2.s390x.rpm", "cups-ipptool-debuginfo-1:2.4.10-18.el10_2.s390x.rpm", "cups-client-1:2.4.10-18.el10_2.x86_64.rpm", "cups-devel-1:2.4.10-18.el10_2.x86_64.rpm", "cups-debugsource-1:2.4.10-18.el10_2.s390x.rpm", "cups-printerapp-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-1:2.4.10-18.el10_2.x86_64.rpm", "cups-lpd-1:2.4.10-18.el10_2.ppc64le.rpm","cups-libs-1:2.4.10-18.el10_2.s390x.rpm", "cups-client-1:2.4.10-18.el10_2.s390x.rpm", "cups-ipptool-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-debuginfo-1:2.4.10-18.el10_2.aarch64.rpm", "cups-client-1:2.4.10-18.el10_2.aarch64.rpm", "cups-ipptool-debuginfo-1:2.4.10-18.el10_2.x86_64.rpm", "cups-client-debuginfo-1:2.4.10-18.el10_2.s390x.rpm", "cups-libs-debuginfo-1:2.4.10-18.el10_2.aarch64.rpm", "cups-lpd-debuginfo-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-1:2.4.10-18.el10_2.src.rpm", "cups-ipptool-1:2.4.10-18.el10_2.s390x.rpm", "cups-filesystem-1:2.4.10-18.el10_2.noarch.rpm", "cups-client-debuginfo-1:2.4.10-18.el10_2.aarch64.rpm", "cups-debugsource-1:2.4.10-18.el10_2.x86_64.rpm", "cups-printerapp-1:2.4.10-18.el10_2.x86_64.rpm", "cups-debugsource-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-ipptool-1:2.4.10-18.el10_2.aarch64.rpm", "cups-libs-debuginfo-1:2.4.10-18.el10_2.x86_64.rpm", "cups-libs-debuginfo-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-debugsource-1:2.4.10-18.el10_2.aarch64.rpm", "cups-debuginfo-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-devel-1:2.4.10-18.el10_2.s390x.rpm", "cups-libs-1:2.4.10-18.el10_2.aarch64.rpm", "cups-lpd-1:2.4.10-18.el10_2.s390x.rpm", "cups-lpd-debuginfo-1:2.4.10-18.el10_2.s390x.rpm", "cups-client-debuginfo-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-debuginfo-1:2.4.10-18.el10_2.x86_64.rpm", "cups-1:2.4.10-18.el10_2.aarch64.rpm", "cups-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-printerapp-debuginfo-1:2.4.10-18.el10_2.aarch64.rpm", "cups-printerapp-1:2.4.10-18.el10_2.s390x.rpm", "cups-client-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-ipptool-1:2.4.10-18.el10_2.x86_64.rpm", "cups-printerapp-debuginfo-1:2.4.10-18.el10_2.x86_64.rpm", "cups-printerapp-1:2.4.10-18.el10_2.aarch64.rpm", "cups-devel-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-lpd-1:2.4.10-18.el10_2.aarch64.rpm", "cups-lpd-debuginfo-1:2.4.10-18.el10_2.aarch64.rpm", "cups-ipptool-debuginfo-1:2.4.10-18.el10_2.aarch64.rpm", "cups-ipptool-debuginfo-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-1:2.4.10-18.el10_2.s390x.rpm", "cups-lpd-debuginfo-1:2.4.10-18.el10_2.x86_64.rpm","cups-devel-1:2.4.10-18.el10_2.aarch64.rpm", "cups-libs-debuginfo-1:2.4.10-18.el10_2.s390x.rpm", "cups-printerapp-debuginfo-1:2.4.10-18.el10_2.ppc64le.rpm", "cups-libs-1:2.4.10-18.el10_2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important security advisory detailing a moderate CUPS update for Rocky Linux, addressing network access vulnerabilities.. Rocky Linux security update, CUPS security advisory, network vulnerability. . Severity: moderate. LinuxSecurity.com Team
Moderate: cups security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39316", "synopsis": "Moderate: cups security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for cups.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.\n\nSecurity Fix(es):\n\n* cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network (CVE-2026-34980)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2454954", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2454954", "description": ""}], "cves": [{"name": "CVE-2026-34980", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980", "cvss3ScoringVector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "cvss3BaseScore": "6.4", "cwe": "CWE-78"}], "references": [], "publishedAt": "2026-07-15T12:03:43.176942Z", "rpms": {"Rocky Linux 9": {"nvras": ["cups-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-1:2.3.3op2-39.el9_8.src.rpm", "cups-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-client-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-client-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-client-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-client-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-client-debuginfo-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-client-debuginfo-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-client-debuginfo-1:2.3.3op2-39.el9_8.s390x.rpm","cups-client-debuginfo-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-debuginfo-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-debuginfo-1:2.3.3op2-39.el9_8.i686.rpm", "cups-debuginfo-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-debuginfo-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-debuginfo-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-debugsource-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-debugsource-1:2.3.3op2-39.el9_8.i686.rpm", "cups-debugsource-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-debugsource-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-debugsource-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-devel-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-devel-1:2.3.3op2-39.el9_8.i686.rpm", "cups-devel-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-devel-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-devel-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-filesystem-1:2.3.3op2-39.el9_8.noarch.rpm", "cups-ipptool-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-ipptool-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-ipptool-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-ipptool-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-ipptool-debuginfo-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-ipptool-debuginfo-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-ipptool-debuginfo-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-ipptool-debuginfo-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-libs-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-libs-1:2.3.3op2-39.el9_8.i686.rpm", "cups-libs-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-libs-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-libs-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-libs-debuginfo-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-libs-debuginfo-1:2.3.3op2-39.el9_8.i686.rpm", "cups-libs-debuginfo-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-libs-debuginfo-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-libs-debuginfo-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-lpd-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-lpd-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-lpd-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-lpd-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-lpd-debuginfo-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-lpd-debuginfo-1:2.3.3op2-39.el9_8.ppc64le.rpm","cups-lpd-debuginfo-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-lpd-debuginfo-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-printerapp-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-printerapp-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-printerapp-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-printerapp-1:2.3.3op2-39.el9_8.x86_64.rpm", "cups-printerapp-debuginfo-1:2.3.3op2-39.el9_8.aarch64.rpm", "cups-printerapp-debuginfo-1:2.3.3op2-39.el9_8.ppc64le.rpm", "cups-printerapp-debuginfo-1:2.3.3op2-39.el9_8.s390x.rpm", "cups-printerapp-debuginfo-1:2.3.3op2-39.el9_8.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. A moderate cups security update is now available for Rocky Linux 9, addressing critical issues in the printing system.. CUPS update, Rocky Linux security, moderate severity, network attack, code execution. . Severity: moderate. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-39316 http://linux.oracle.com/errata/ELSA-2026-39316.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: cups-2.3.3op2-39.el9_8.x86_64.rpm cups-client-2.3.3op2-39.el9_8.x86_64.rpm cups-devel-2.3.3op2-39.el9_8.i686.rpm cups-devel-2.3.3op2-39.el9_8.x86_64.rpm cups-filesystem-2.3.3op2-39.el9_8.noarch.rpm cups-ipptool-2.3.3op2-39.el9_8.x86_64.rpm cups-libs-2.3.3op2-39.el9_8.i686.rpm cups-libs-2.3.3op2-39.el9_8.x86_64.rpm cups-lpd-2.3.3op2-39.el9_8.x86_64.rpm cups-printerapp-2.3.3op2-39.el9_8.x86_64.rpm aarch64: cups-2.3.3op2-39.el9_8.aarch64.rpm cups-client-2.3.3op2-39.el9_8.aarch64.rpm cups-devel-2.3.3op2-39.el9_8.aarch64.rpm cups-filesystem-2.3.3op2-39.el9_8.noarch.rpm cups-ipptool-2.3.3op2-39.el9_8.aarch64.rpm cups-libs-2.3.3op2-39.el9_8.aarch64.rpm cups-lpd-2.3.3op2-39.el9_8.aarch64.rpm cups-printerapp-2.3.3op2-39.el9_8.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/cups-2.3.3op2-39.el9_8.src.rpm Related CVEs: CVE-2026-34980 Description of changes: [1:2.3.3op2-39] - RHEL-177957 CVE-2026-34980 cups: control character injection in option values _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-36733 http://linux.oracle.com/errata/ELSA-2026-36733.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: cups-2.2.6-68.el8_10.x86_64.rpm cups-client-2.2.6-68.el8_10.x86_64.rpm cups-devel-2.2.6-68.el8_10.i686.rpm cups-devel-2.2.6-68.el8_10.x86_64.rpm cups-filesystem-2.2.6-68.el8_10.noarch.rpm cups-ipptool-2.2.6-68.el8_10.x86_64.rpm cups-libs-2.2.6-68.el8_10.i686.rpm cups-libs-2.2.6-68.el8_10.x86_64.rpm cups-lpd-2.2.6-68.el8_10.x86_64.rpm aarch64: cups-2.2.6-68.el8_10.aarch64.rpm cups-client-2.2.6-68.el8_10.aarch64.rpm cups-devel-2.2.6-68.el8_10.aarch64.rpm cups-filesystem-2.2.6-68.el8_10.noarch.rpm cups-ipptool-2.2.6-68.el8_10.aarch64.rpm cups-libs-2.2.6-68.el8_10.aarch64.rpm cups-lpd-2.2.6-68.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/cups-2.2.6-68.el8_10.src.rpm Related CVEs: CVE-2026-34980 Description of changes: [1:2.2.6-68] - RHEL-177947 CVE-2026-34980 cups: control character injection in option values _______________________________________________ El-errata mailing list
An update that solves six vulnerabilities can now be installed.. # Security update for cups Announcement ID: SUSE-SU-2026:2732-1 Release Date: 2026-07-02T17:41:51Z Rating: moderate References: * bsc#1261569 * bsc#1261570 * bsc#1261571 * bsc#1261572 * bsc#1261742 * bsc#1261743 Cross-References: * CVE-2026-27447 * CVE-2026-34978 * CVE-2026-34979 * CVE-2026-34980 * CVE-2026-39314 * CVE-2026-39316 CVSS scores: * CVE-2026-27447 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2026-27447 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2026-27447 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N * CVE-2026-34978 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-34978 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-34979 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34979 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34980 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2026-34980 ( NVD ): 6.1 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34980 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-39314 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39314 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39314 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-39314 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39316 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39316 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39316 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP7 * Desktop Applications Module 15-SP7 * Development Tools Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves six vulnerabilities can now be installed. ## Description: This update for cups fixes the following issues * CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup (bsc#1261572). * CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (bsc#1261571). * CVE-2026-34979: Heap overflow in `get_options()` (bsc#1261570). * CVE-2026-34980: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network (bsc#1261569). * CVE-2026-39314: negative `job-password-supported` attribute can lead to a denial of service (bsc#1261743). * CVE-2026-39316: dangling subscription pointer can lead to a denial of service (1261742). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2732=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2026-2732=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2732=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-2732=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patchSUSE-SUSE-MicroOS-5.2-2026-2732=1 * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2732=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2732=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2026-2732=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2732=1 * Desktop Applications Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-2732=1 ## Package List: * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.93.1 * cups-debuginfo-2.2.7-150000.3.93.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.93.1 * cups-debugsource-2.2.7-150000.3.93.1 * libcupsmime1-debuginfo-2.2.7-150000.3.93.1 * libcups2-2.2.7-150000.3.93.1 * cups-2.2.7-150000.3.93.1 * libcupsmime1-2.2.7-150000.3.93.1 * cups-client-debuginfo-2.2.7-150000.3.93.1 * libcupscgi1-debuginfo-2.2.7-150000.3.93.1 * libcupsppdc1-2.2.7-150000.3.93.1 * cups-devel-2.2.7-150000.3.93.1 * libcupsimage2-2.2.7-150000.3.93.1 * libcupscgi1-2.2.7-150000.3.93.1 * cups-config-2.2.7-150000.3.93.1 * cups-client-2.2.7-150000.3.93.1 * libcups2-debuginfo-2.2.7-150000.3.93.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cups-debugsource-2.2.7-150000.3.93.1 * cups-debuginfo-2.2.7-150000.3.93.1 * libcups2-2.2.7-150000.3.93.1 * cups-config-2.2.7-150000.3.93.1 * libcups2-debuginfo-2.2.7-150000.3.93.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cups-debugsource-2.2.7-150000.3.93.1 * cups-debuginfo-2.2.7-150000.3.93.1 * libcups2-2.2.7-150000.3.93.1 * cups-config-2.2.7-150000.3.93.1 * libcups2-debuginfo-2.2.7-150000.3.93.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cups-debuginfo-2.2.7-150000.3.93.1 * cups-debugsource-2.2.7-150000.3.93.1 * libcups2-2.2.7-150000.3.93.1 * cups-config-2.2.7-150000.3.93.1 * libcups2-debuginfo-2.2.7-150000.3.93.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cups-debuginfo-2.2.7-150000.3.93.1 * cups-debugsource-2.2.7-150000.3.93.1 * libcups2-2.2.7-150000.3.93.1 * cups-config-2.2.7-150000.3.93.1 * libcups2-debuginfo-2.2.7-150000.3.93.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cups-debugsource-2.2.7-150000.3.93.1 * cups-debuginfo-2.2.7-150000.3.93.1 * libcups2-2.2.7-150000.3.93.1 * cups-config-2.2.7-150000.3.93.1 * libcups2-debuginfo-2.2.7-150000.3.93.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cups-debugsource-2.2.7-150000.3.93.1 * cups-debuginfo-2.2.7-150000.3.93.1 * libcups2-2.2.7-150000.3.93.1 * cups-config-2.2.7-150000.3.93.1 * libcups2-debuginfo-2.2.7-150000.3.93.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * cups-debugsource-2.2.7-150000.3.93.1 * cups-debuginfo-2.2.7-150000.3.93.1 * cups-ddk-2.2.7-150000.3.93.1 * cups-ddk-debuginfo-2.2.7-150000.3.93.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * cups-debuginfo-2.2.7-150000.3.93.1 * cups-debugsource-2.2.7-150000.3.93.1 * libcups2-2.2.7-150000.3.93.1 * cups-config-2.2.7-150000.3.93.1 * libcups2-debuginfo-2.2.7-150000.3.93.1 * Desktop Applications Module 15-SP7 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.93.1 * libcups2-32bit-2.2.7-150000.3.93.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27447.html * https://www.suse.com/security/cve/CVE-2026-34978.html * https://www.suse.com/security/cve/CVE-2026-34979.html * https://www.suse.com/security/cve/CVE-2026-34980.html * https://www.suse.com/security/cve/CVE-2026-39314.html * https://www.suse.com/security/cve/CVE-2026-39316.html * https://bugzilla.suse.com/show_bug.cgi?id=1261569 * https://bugzilla.suse.com/show_bug.cgi?id=1261570 *https://bugzilla.suse.com/show_bug.cgi?id=1261571 * https://bugzilla.suse.com/show_bug.cgi?id=1261572 * https://bugzilla.suse.com/show_bug.cgi?id=1261742 * https://bugzilla.suse.com/show_bug.cgi?id=1261743 . Update available for cups to address multiple issues and improve system security on SUSE. Install the latest patches now!. SUSE updates,CUPS vulnerabilities,security fixes,moderate vulnerabilities,cups security. . Severity: moderate. LinuxSecurity.com Team
An update that solves five vulnerabilities can now be installed.. # Security update for cups Announcement ID: SUSE-SU-2026:2718-1 Release Date: 2026-07-01T10:23:34Z Rating: moderate References: * bsc#1261569 * bsc#1261570 * bsc#1261571 * bsc#1261572 * bsc#1261742 Cross-References: * CVE-2026-27447 * CVE-2026-34978 * CVE-2026-34979 * CVE-2026-34980 * CVE-2026-39316 CVSS scores: * CVE-2026-27447 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2026-27447 ( NVD ): 4.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N * CVE-2026-27447 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N * CVE-2026-34978 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-34978 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-34979 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34979 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-34980 ( SUSE ): 6.4 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L * CVE-2026-34980 ( NVD ): 6.1 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-34980 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-39316 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-39316 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39316 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2026-39316 ( NVD ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for cups fixes the following issues * CVE-2026-27447: Authorization bypass viacase-insensitive group-member lookup (bsc#1261572). * CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (bsc#1261571). * CVE-2026-34979: Heap overflow in `get_options()` (bsc#1261570). * CVE-2026-34980: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network (bsc#1261569). * CVE-2026-39316: dangling subscription pointer can lead to a denial of service (bsc#1261742). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2718=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * cups-libs-debuginfo-32bit-1.7.5-20.67.1 * cups-debugsource-1.7.5-20.67.1 * cups-client-1.7.5-20.67.1 * cups-libs-32bit-1.7.5-20.67.1 * cups-libs-1.7.5-20.67.1 * cups-devel-1.7.5-20.67.1 * cups-debuginfo-1.7.5-20.67.1 * cups-libs-debuginfo-1.7.5-20.67.1 * cups-1.7.5-20.67.1 * cups-client-debuginfo-1.7.5-20.67.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27447.html * https://www.suse.com/security/cve/CVE-2026-34978.html * https://www.suse.com/security/cve/CVE-2026-34979.html * https://www.suse.com/security/cve/CVE-2026-34980.html * https://www.suse.com/security/cve/CVE-2026-39316.html * https://bugzilla.suse.com/show_bug.cgi?id=1261569 * https://bugzilla.suse.com/show_bug.cgi?id=1261570 * https://bugzilla.suse.com/show_bug.cgi?id=1261571 * https://bugzilla.suse.com/show_bug.cgi?id=1261572 * https://bugzilla.suse.com/show_bug.cgi?id=1261742 . This update resolves five security issues in cups for SUSE Linux, improving system integrity and performance.. SUSE cups security update, moderate security patch, Linuxvulnerability fix, system integrity improvement, SUSE vulnerability update. . Severity: moderate. LinuxSecurity.com Team
USN-8405-1 introduced a regression in CUPS. ========================================================================== Ubuntu Security Notice USN-8405-2 June 15, 2026 cups regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: USN-8405-1 introduced a regression in CUPS Software Description: - cups: Common UNIX Printing System(tm) Details: USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that cause CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during authorization checks. A local attacker could possibly use this issue to gain unauthorized access to restricted operations. (CVE-2026-27447) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled notify-recipient-uri values in the RSS notifier. A remote attacker could possibly use this issue to overwrite lp-writable files and cause a denial of service. (CVE-2026-34978) Jacob Newman discovered that CUPS incorrectly handled filter option strings when processing job attributes. An attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-34979) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled page-border values in shared PostScript queues. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-34980) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled localhost authentication to attacker-controlled IPP services. A local attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. (CVE-2026-34990) Tomer Fichman discovered that CUPS incorrectly handled negative job-password-supported values. A localattacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. (CVE-2026-39314) Tomer Fichman discovered that CUPS incorrectly handled temporary printer deletion. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or to execute arbitrary code. (CVE-2026-39316) Tomer Fichman discovered that CUPS incorrectly handled certain malformed SNMP responses. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41079) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS cups 2.4.16-1ubuntu1.3 cups-daemon 2.4.16-1ubuntu1.3 Ubuntu 25.10 cups 2.4.12-0ubuntu3.10 cups-daemon 2.4.12-0ubuntu3.10 Ubuntu 24.04 LTS cups 2.4.7-1.2ubuntu7.14 cups-daemon 2.4.7-1.2ubuntu7.14 Ubuntu 22.04 LTS cups 2.4.1op1-1ubuntu4.21 cups-daemon 2.4.1op1-1ubuntu4.21 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8405-2 https://ubuntu.com/security/notices/USN-8405-1 https://launchpad.net/bugs/2156339 Package Information: https://launchpad.net/ubuntu/+source/cups/2.4.16-1ubuntu1.3 https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu3.10 https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.14 https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.21 . ========================================================================== Ubuntu Security Notice US. usn-8405-1, introduced, regression, =========================================================. . Severity: Important. LinuxSecurity.com Team
Security update. Publication date: 12 Jun 2026 URL: https://advisories.mageia.org/MGASA-2026-0201.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-27447, CVE-2026-39314, CVE-2026-39316, CVE-2026-34978, CVE-2026-34979, CVE-2026-34980, CVE-2026-34990 Description: CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported` CVE-2026-39316, Use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer CVE-2026-34978, Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) CVE-2026-34979, Heap overflow in `get_options()` CVE-2026-34980, Shared PostScript queue lets anonymous Print-Job requests reach `lp`code execution over the network CVE-2026-34990, Local print admin token disclosure using temporary printers. Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users. Out-of-bounds heap read in cupsdSetPrinterAttr marker-types parsing References: - https://bugs.mageia.org/show_bug.cgi?id=35355 - https://www.openwall.com/lists/oss-security/2026/04/08/2 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr - https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh - https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg - https://github.com/OpenPrinting/cups/security/advisories/GHSA-qfp8-9frx-5j48 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf - https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp - https://www.openwall.com/lists/oss-security/2026/04/17/11 - https://www.cve.org/CVERecord?id=CVE-2026-27447 -https://www.cve.org/CVERecord?id=CVE-2026-39314 - https://www.cve.org/CVERecord?id=CVE-2026-39316 - https://www.cve.org/CVERecord?id=CVE-2026-34978 - https://www.cve.org/CVERecord?id=CVE-2026-34979 - https://www.cve.org/CVERecord?id=CVE-2026-34980 - https://www.cve.org/CVERecord?id=CVE-2026-34990 SRPMS: - 9/core/cups-2.4.6-1.10.mga9 . Mageia 9 cups security advisory addressing critical vulnerabilities for protection against exploits and unauthorized access.. Mageia cups security vulnerabilities update patches. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.