USN-4105-1

Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled encoded ASN.1 inputs. A remote attacker could possibly use this issue to cause CUPS to crash by providing specially crafted network traffic. (CVE-2019-8696, CVE-2019-8675)

It was discovered that CUPS did not properly handle client disconnection events. A local attacker could possibly use this issue to cause a denial of service or disclose memory from the CUPS server.

References

Affected packages

Ubuntu:16.04:LTS / cups

Package

Name: cups
Purl: pkg:deb/ubuntu/cups@2.1.3-4ubuntu0.10?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.3-4ubuntu0.10

Affected versions

2.*

2.1.0-4ubuntu3

2.1.0-5

2.1.0-6

2.1.0-6ubuntu1

2.1.0-7

2.1.2-1

2.1.2-2

2.1.3-1

2.1.3-1build1

2.1.3-3

2.1.3-4

2.1.3-4ubuntu0.2

2.1.3-4ubuntu0.3

2.1.3-4ubuntu0.4

2.1.3-4ubuntu0.5

2.1.3-4ubuntu0.6

2.1.3-4ubuntu0.7

2.1.3-4ubuntu0.8

2.1.3-4ubuntu0.9

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "cups",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "cups-bsd",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "cups-client",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "cups-common",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "cups-core-drivers",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "cups-daemon",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "cups-ipp-utils",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "cups-ppdc",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "cups-server-common",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcups2",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcups2-dev",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcupscgi1",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcupscgi1-dev",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcupsimage2",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcupsimage2-dev",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcupsmime1",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcupsmime1-dev",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcupsppdc1",
            "binary_version": "2.1.3-4ubuntu0.10"
        },
        {
            "binary_name": "libcupsppdc1-dev",
            "binary_version": "2.1.3-4ubuntu0.10"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:16.04:LTS",
    "cves": [
        {
            "id": "CVE-2019-8675",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        },
        {
            "id": "CVE-2019-8696",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ]
}

Ubuntu:18.04:LTS / cups

Package

Name: cups
Purl: pkg:deb/ubuntu/cups@2.2.7-1ubuntu2.7?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.7-1ubuntu2.7

Affected versions

2.*

2.2.4-7ubuntu2

2.2.5-2

2.2.6-2

2.2.6-3

2.2.6-4

2.2.6-5

2.2.7-1ubuntu1

2.2.7-1ubuntu2

2.2.7-1ubuntu2.1

2.2.7-1ubuntu2.2

2.2.7-1ubuntu2.3

2.2.7-1ubuntu2.4

2.2.7-1ubuntu2.5

2.2.7-1ubuntu2.6

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "cups",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "cups-bsd",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "cups-client",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "cups-common",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "cups-core-drivers",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "cups-daemon",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "cups-ipp-utils",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "cups-ppdc",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "cups-server-common",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "libcups2",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "libcups2-dev",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "libcupscgi1",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "libcupsimage2",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "libcupsimage2-dev",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "libcupsmime1",
            "binary_version": "2.2.7-1ubuntu2.7"
        },
        {
            "binary_name": "libcupsppdc1",
            "binary_version": "2.2.7-1ubuntu2.7"
        }
    ]
}

Database specific

cves_map

{
    "ecosystem": "Ubuntu:18.04:LTS",
    "cves": [
        {
            "id": "CVE-2019-8675",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        },
        {
            "id": "CVE-2019-8696",
            "severity": [
                {
                    "type": "CVSS_V3",
                    "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
                },
                {
                    "type": "Ubuntu",
                    "score": "medium"
                }
            ]
        }
    ]
}