oss-sec mailing list archives

cups: 8 various moderate vulnerabilities


From: Zdenek Dohnal <zdohnal () redhat com>
Date: Fri, 17 Apr 2026 15:08:53 +0200

Hi all,

we had several security reports in CUPS which are fixed in the released CUPS 2.4.17:

- no known CVE yet, requested from GitHub - https://github.com/OpenPrinting/cups/security/advisories/GHSA-6wpw-g8g6-wvrv - Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users - moderate severity

- CVE-2026-39314 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-pp8w-2g52-7vj7 - Integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported` - moderate severity

- CVE-2026-39316 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg - Use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer - moderate severity

- CVE-2026-34990 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp - Local print admin token disclosure using temporary printers - moderate severity

- CVE-2026-34980 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf - Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network - moderate severity

- CVE-2026-34979 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh - Heap overflow in `get_options()` - moderate severity

- CVE-2026-34978 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr - Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) - moderate severity

- CVE-2026-27447 - https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9 - Authorization bypass via case-insensitive group-member lookup - moderate severity

We thank all the researchers for the reports!

Have a nice day,


Zdenek


P.S. I hope you don't mind such a bulk email - there were a number of CVEs at the same time, but all relevant information is at the links.

--
Zdenek Dohnal
Senior Software Engineer
Red Hat, BRQ-TPBC
