Ubuntu alert USN-5454-2 (cups)
| From: | "Leonidas S. Barbosa" <leo.barbosa@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-5454-2] CUPS vulnerabilities | |
| Date: | Tue, 31 May 2022 17:54:41 -0300 | |
| Message-ID: | <20220531205441.GA4108259@d4rkl41n> |
========================================================================== Ubuntu Security Notice USN-5454-2 May 31, 2022 cups vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM Summary: Several security issues were fixed in CUPS. Software Description: - cups: Common UNIX Printing System(tm) Details: USN-5454-1 fixed several vulnerabilities in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. (CVE-2022-26691) It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-8842, CVE-2020-10001) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: cups 2.1.3-4ubuntu0.11+esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5454-2 https://ubuntu.com/security/notices/USN-5454-1 CVE-2019-8842, CVE-2020-10001, CVE-2022-26691