Advisories » MGASA-2018-0224

Updated cups packages fix security vulnerability

Publication date: 09 May 2018
Modification date: 09 May 2018
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-18248

Description

CUPS before version 2.2.6 has a vulnerability in the handling of
usernames in the scheduler/ipp.c:add_job() function. A remote attacker
could exploit this by submitting a print job with an invalid UTF-8
username to cause a crash and subsequent denial of service
(CVE-2017-18248).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22877
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IGQ3XXPAM2RKAOIEXMCKKNICIKDLKWE2/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18248

SRPMS

5/core

• cups-2.0.4-1.5.mga5