CLSA-2026-1779436377 cups: Fix of CVE-2026-27447

CVE-2026-27447: fix authorization bypass in cupsd by replacing case-insensitive username comparisons with byte-exact strcmp against pw-pwname; also include upstream follow-up commit 849fba7d "Fix unauthenticated print policies", Issue 1557 to restore behavior for CUPSDAUTHNONE policies with named...

Astra Linux - уязвимость в cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connected to cupsd but sent very slow messages—for example, only one byte per second—could delay cupsd as a whole, rendering it unusable for other clients...

CLSA-2026-1778253061 Fix CVE(s): CVE-2026-27447

SECURITY UPDATE: fix authorization bypass in cupsd caused by case-insensitive comparison of local user and group names. - debian/patches/CVE-2026-27447.patch: compare usernames against the canonical pwname from getpwnam with strcmp in cupsdCheckGroup and cupsdIsAuthorized in scheduler/auth.c;...

CLSA-2026-1777392877 cups: Fix of CVE-2026-34980

CVE-2026-34980: filter control characters from IPP option values and allowlist PPD keywords returned by filters so a remote attacker cannot inject cupsFilter/cupsFilter2 entries on a shared PostScript queue and gain code execution as the cupsd user...

OESA-2026-1930 cups security update

CUPS is the standards-based, open source printing system developed by Apple Inc. for UNIX®-like operating systems. CUPS uses the Internet Printing Protocol IPP to support printing to local and network printers. Security Fixes: OpenPrinting CUPS is an open source printing system for Linux and othe...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: cups (UTSA-2026-007174)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007174 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coer...

CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`

...

SUSE CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

ALPINE-CVE-2026-39314

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

CVE-2026-39314

OpenPrinting CUPS (CVE-2026-39314) is vulnerable in versions 2.4.16 and prior. The root cause is an integer underflow in _ppdCreateFromIPP (cups/ppd-cache.c): a negative job-password-supported IPP attribute passes bounds checks, is cast to size_t, and is used as a length in memset() on a 33-byte ...

CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in ppdCreateFromIPP cups/ppd-cache.c allows any unprivileged local user to crash the cupsd root process by supplying a negative...

PT-2026-30924

Name of the Vulnerable Software and Affected Versions OpenPrinting CUPS versions 2.4.16 and prior Description OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. An integer underflow in the ppdCreateFromIPP function cups/ppd-cache.c allows a local...

Linux Distros Unpatched Vulnerability : CVE-2026-34980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd wi...

CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

CVE-2026-34980

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: cups (UTSA-2026-005326)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005326 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sen...

CLSA-2026-1769693558 cups: Fix of CVE-2025-58436

CVE-2025-58436: fix issue where slow messages could delay cupsd...

MiracleLinux 8 : cups-2.2.6-66.el8_10 (AXSA:2026-042:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-042:02 advisory. CUPS: Local denial-of-service via cupsd.conf update and related issues CVE-2025-61915 cups: Slow client communication leads to a possible DoS attack...

MiracleLinux 7 : cups-1.6.3-43.el7 (AXSA:2020-4559:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4559:02 advisory. cups: Local privilege escalation to root due to insecure environment variable handling CVE-2018-4180 cups: Manipulation of cupsd.conf by a local...