SUSE-SU-2018:2172-1
- Source
- https://www.suse.com/support/update/announcement/2018/suse-su-20182172-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:2172-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2018:2172-1
- Upstream
- Related
- Published
- 2018-08-02T12:20:13Z
- Modified
- 2025-05-02T04:08:19.596017Z
- Summary
- Security update for cups
- Details
-
This update for cups fixes the following issues:
The following security vulnerabilities were fixed:
- Fixed a local privilege escalation to root and sandbox bypasses in the scheduler
- CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend (bsc#1096405)
- CVE-2018-4181: Limited local file reads as root via cupsd.conf include directive (bsc#1096406)
- CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling (bsc#1096407)
- CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration (bsc#1096408)
- References
-
- https://www.suse.com/support/update/announcement/2018/suse-su-20182172-1/
- https://bugzilla.suse.com/1096405
- https://bugzilla.suse.com/1096406
- https://bugzilla.suse.com/1096407
- https://bugzilla.suse.com/1096408
- https://www.suse.com/security/cve/CVE-2018-4180
- https://www.suse.com/security/cve/CVE-2018-4181
- https://www.suse.com/security/cve/CVE-2018-4182
- https://www.suse.com/security/cve/CVE-2018-4183
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15
cups
Package
- Name
- cups
- Purl
- pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.2.7-3.3.1
Ecosystem specific
{
"binaries": [
{
"cups-devel": "2.2.7-3.3.1",
"cups": "2.2.7-3.3.1",
"libcupscgi1": "2.2.7-3.3.1",
"cups-client": "2.2.7-3.3.1",
"libcupsppdc1": "2.2.7-3.3.1",
"libcupsimage2": "2.2.7-3.3.1",
"libcups2": "2.2.7-3.3.1",
"libcupsmime1": "2.2.7-3.3.1",
"cups-config": "2.2.7-3.3.1"
}
]
}