[SECURITY] [DLA 2237-1] cups security update

2020-06-0716:27:26

lists.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

11.8%

JSON

Package : cups
Version : 1.7.5-11+deb8u8
CVE ID : CVE-2019-8842 CVE-2020-3898

The following CVE(s) were reported against src:cups.

CVE-2019-8842

The `ippReadIO` function may under-read an extension field.

CVE-2020-3898

There was a heap based buffer overflow in libcups&#x27;s
ppdFindOption() in ppd-mark.c.
The `ppdOpen` function did not handle invalid UI constraint.
`ppdcSource::get_resolution` function did not handle invalid
resolution strings.

For Debian 8 "Jessie", these problems have been fixed in version
1.7.5-11+deb8u8.

We recommend that you upgrade your cups packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Best,
Utkarsh

OSVersionArchitecturePackageVersionFilename
Debian9armelcups-ppdc-dbgsym< 2.2.1-8+deb9u6cups-ppdc-dbgsym_2.2.1-8+deb9u6_armel.deb
Debian8armelcups-core-drivers< 1.7.5-11+deb8u8cups-core-drivers_1.7.5-11+deb8u8_armel.deb
Debian10s390xcups-bsd-dbgsym< 2.2.10-6+deb10u3cups-bsd-dbgsym_2.2.10-6+deb10u3_s390x.deb
Debian10arm64cups-ppdc-dbgsym< 2.2.10-6+deb10u3cups-ppdc-dbgsym_2.2.10-6+deb10u3_arm64.deb
Debian9arm64cups-dbgsym< 2.2.1-8+deb9u6cups-dbgsym_2.2.1-8+deb9u6_arm64.deb
Debian10i386cups-ipp-utils-dbgsym< 2.2.10-6+deb10u3cups-ipp-utils-dbgsym_2.2.10-6+deb10u3_i386.deb
Debian10arm64cups-ipp-utils< 2.2.10-6+deb10u3cups-ipp-utils_2.2.10-6+deb10u3_arm64.deb
Debian9i386cups-dbgsym< 2.2.1-8+deb9u6cups-dbgsym_2.2.1-8+deb9u6_i386.deb
Debian9s390xcups-ppdc< 2.2.1-8+deb9u6cups-ppdc_2.2.1-8+deb9u6_s390x.deb
Debian9arm64libcupsimage2< 2.2.1-8+deb9u6libcupsimage2_2.2.1-8+deb9u6_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	armel	cups-ppdc-dbgsym	< 2.2.1-8+deb9u6	cups-ppdc-dbgsym_2.2.1-8+deb9u6_armel.deb
Debian	8	armel	cups-core-drivers	< 1.7.5-11+deb8u8	cups-core-drivers_1.7.5-11+deb8u8_armel.deb
Debian	10	s390x	cups-bsd-dbgsym	< 2.2.10-6+deb10u3	cups-bsd-dbgsym_2.2.10-6+deb10u3_s390x.deb
Debian	10	arm64	cups-ppdc-dbgsym	< 2.2.10-6+deb10u3	cups-ppdc-dbgsym_2.2.10-6+deb10u3_arm64.deb
Debian	9	arm64	cups-dbgsym	< 2.2.1-8+deb9u6	cups-dbgsym_2.2.1-8+deb9u6_arm64.deb
Debian	10	i386	cups-ipp-utils-dbgsym	< 2.2.10-6+deb10u3	cups-ipp-utils-dbgsym_2.2.10-6+deb10u3_i386.deb
Debian	10	arm64	cups-ipp-utils	< 2.2.10-6+deb10u3	cups-ipp-utils_2.2.10-6+deb10u3_arm64.deb
Debian	9	i386	cups-dbgsym	< 2.2.1-8+deb9u6	cups-dbgsym_2.2.1-8+deb9u6_i386.deb
Debian	9	s390x	cups-ppdc	< 2.2.1-8+deb9u6	cups-ppdc_2.2.1-8+deb9u6_s390x.deb
Debian	9	arm64	libcupsimage2	< 2.2.1-8+deb9u6	libcupsimage2_2.2.1-8+deb9u6_arm64.deb