{
  "schema_version": "1.7.0",
  "id": "MGASA-2026-0201",
  "published": "2026-06-12T23:28:19Z",
  "modified": "2026-06-12T22:35:36Z",
  "summary": "Updated cups packages fix security vulnerabilities",
  "details": "CVE-2026-27447, Authorization bypass via case-insensitive group-member\nlookup.\nCVE-2026-39314, Integer underflow in `_ppdCreateFromIPP` causes root\ncupsd crash via negative `job-password-supported`\nCVE-2026-39316, Use-after-free in `cupsdDeleteTemporaryPrinters` via\ndangling subscription pointer\nCVE-2026-34978, Path traversal in RSS notify-recipient-uri enables file\nwrite outside CacheDir/rss (and clobbering of job.cache)\nCVE-2026-34979, Heap overflow in `get_options()`\nCVE-2026-34980, Shared PostScript queue lets anonymous Print-Job\nrequests reach `lp`code execution over the network\nCVE-2026-34990, Local print admin token disclosure using temporary\nprinters.\nHeap out-of-bounds read in SNMP supply-level polling leaks stack memory\nto authenticated users.\nOut-of-bounds heap read in cupsdSetPrinterAttr marker-types parsing  \n",
  "upstream": [
    "CVE-2026-27447",
    "CVE-2026-39314",
    "CVE-2026-39316",
    "CVE-2026-34978",
    "CVE-2026-34979",
    "CVE-2026-34980",
    "CVE-2026-34990"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2026-0201.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=35355"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/04/08/2"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-qfp8-9frx-5j48"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2026/04/17/11"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "cups",
        "purl": "pkg:rpm/mageia/cups?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.6-1.10.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}