- Vulnerability/
- USN-3713-1
USN-3713-1: CUPS vulnerabilities
First published: Wed Jul 11 2018(Updated: )
It was discovered that CUPS incorrectly handled certain print jobs with invalid usernames. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248) Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180) Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181) Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/cups | <2.2.7-1ubuntu2.1 | 2.2.7-1ubuntu2.1 |
| Ubuntu Ubuntu | =18.04 | |
| All of | ||
| ubuntu/cups | <2.2.4-7ubuntu3.1 | 2.2.4-7ubuntu3.1 |
| Ubuntu Ubuntu | =17.10 | |
| All of | ||
| ubuntu/cups | <2.1.3-4ubuntu0.5 | 2.1.3-4ubuntu0.5 |
| Ubuntu Ubuntu | =16.04 | |
| All of | ||
| ubuntu/cups | <1.7.2-0ubuntu1.10 | 1.7.2-0ubuntu1.10 |
| Ubuntu Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-18248
- https://ubuntu.com/security/CVE-2018-4180
- https://ubuntu.com/security/CVE-2018-4181
- https://ubuntu.com/security/CVE-2018-6553
- https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1
- https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1
- https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5
- https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10
- https://ubuntu.com/security/notices/USN-3713-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-3713-1?
The severity of USN-3713-1 is medium.
How does CUPS handle print jobs with invalid usernames?
CUPS may crash when handling print jobs with invalid usernames.
What is the impact of the CUPS vulnerabilities?
The vulnerabilities in CUPS may result in a denial of service.
Which versions of Ubuntu are affected by USN-3713-1?
Ubuntu 14.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS are affected by USN-3713-1.
How do I fix the CUPS vulnerabilities in Ubuntu?
Update the CUPS package to the specified remedy version for your Ubuntu version.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/title
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/17.10
- version/ubuntu ubuntu/16.04
- version/ubuntu ubuntu/14.04