cups-1.6.3-43.el7

エラータID: AXSA:2020-4559:02

Release date: 
Thursday, April 2, 2020 - 07:46
Subject: 
cups-1.6.3-43.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: Local privilege escalation to root due to insecure environment variable handling (CVE-2018-4180)

* cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root (CVE-2018-4181)

* cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.8 Release Notes linked from the References section.

CVE-2018-4180
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
CVE-2018-4181
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
CVE-2018-4700
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Solution: 

Update packages.

CVEs: 
CVE-2018-4180
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
CVE-2018-4181
In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.
CVE-2018-4700
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Additional Info: 

N/A

Download: 

SRPMS
  1. cups-1.6.3-43.el7.src.rpm
    MD5: 90b4f5677f755ab88d4f2c203081a83a
    SHA-256: 06fc5ddf3889947e75679bf792f71ac5e5c660448c948de9254a840c100297db
    Size: 8.10 MB

Asianux Server 7 for x86_64
  1. cups-1.6.3-43.el7.x86_64.rpm
    MD5: 18db384dad8d1e480af02d5e58cdc651
    SHA-256: 8af1780993661030beb5109454effb670fab3269978c7ceeb68666e7ab15e012
    Size: 1.28 MB
  2. cups-client-1.6.3-43.el7.x86_64.rpm
    MD5: c8b323d9567757eaa151a96c86d93a45
    SHA-256: d592dd4eaa4e9da95c847a1c3215ee8705866ae5d8b7ac7d1f79ee41714523e2
    Size: 150.78 kB
  3. cups-devel-1.6.3-43.el7.x86_64.rpm
    MD5: 4b8fc69240ff812b16c6f232e2b9e333
    SHA-256: de175030401814c3733c29f225319f73d479bc70562308cf28a851dbef09a56b
    Size: 131.87 kB
  4. cups-filesystem-1.6.3-43.el7.noarch.rpm
    MD5: fd26797dbbbe35bf9d84c27c21facf0d
    SHA-256: a3106e3912d863ef2f8de9e0cbdd1292ef1aba7de273abc8a5622a446302d340
    Size: 95.88 kB
  5. cups-libs-1.6.3-43.el7.x86_64.rpm
    MD5: 9e018d9a203da08233c3484f78521793
    SHA-256: b6a2f2506436debe7d056edaf871f7c415a87b09be5b68b3329ca4cb5bbe0386
    Size: 357.03 kB
  6. cups-lpd-1.6.3-43.el7.x86_64.rpm
    MD5: b3a5cb48f497d1a36e7a5c6005aaa851
    SHA-256: 67abc0356cde6dc3d9c17a3474130b0807fc2f751749978d897c060d6daf924c
    Size: 106.98 kB
  7. cups-devel-1.6.3-43.el7.i686.rpm
    MD5: 27c68115b06e386d2db1469da4eea3c8
    SHA-256: deed830524f0fe424dbb9ba3e8d0eb55489de167af0806eec220f1f9829c6b5e
    Size: 131.88 kB
  8. cups-libs-1.6.3-43.el7.i686.rpm
    MD5: d9202173bb96cbe3a82405529207fac0
    SHA-256: b606d67125773d4a06426d7fe515dfb6bd222a8ce711fa555e9f1eaf96db43cc
    Size: 359.08 kB