Synopsis: Moderate: cups security and bug fix update
Advisory ID: SLSA-2020:1050-1
Issue Date: 2020-04-07
CVE Numbers: CVE-2018-4700
CVE-2018-4180
CVE-2018-4181
—
* cups: Local privilege escalation to root due to insecure environment
variable handling
* cups: Manipulation of cupsd.conf by a local attacker resulting in limited
reads of arbitrary files as root
* cups: Predictable session cookie breaks CSRF protection
—
SL7
x86_64
cups-client-1.6.3-43.el7.x86_64.rpm
cups-libs-1.6.3-43.el7.x86_64.rpm
cups-libs-1.6.3-43.el7.i686.rpm
cups-lpd-1.6.3-43.el7.x86_64.rpm
cups-filesystem-1.6.3-43.el7.noarch.rpm
cups-devel-1.6.3-43.el7.i686.rpm
cups-devel-1.6.3-43.el7.x86_64.rpm
cups-1.6.3-43.el7.x86_64.rpm
cups-debuginfo-1.6.3-43.el7.i686.rpm
cups-debuginfo-1.6.3-43.el7.x86_64.rpm
cups-ipptool-1.6.3-43.el7.x86_64.rpm
noarch
cups-filesystem-1.6.3-43.el7.noarch.rpm
– Scientific Linux Development Team
