Lucene search

K
slackwareSlackware Linux ProjectSSA-2022-146-01
HistoryMay 26, 2022 - 6:32 p.m.

[slackware-security] cups

2022-05-2618:32:45
Slackware Linux Project
www.slackware.com
14

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.9%

New cups packages are available for Slackware 14.2, 15.0, and -current to
fix a security issue.

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/cups-2.4.2-i586-1_slack15.0.txz: Upgraded.
Fixed certificate strings comparison for Local authorization.
For more information, see:
https://vulners.com/cve/CVE-2022-26691
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/cups-2.1.4-i586-2_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/cups-2.1.4-x86_64-2_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/cups-2.4.2-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/cups-2.4.2-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/cups-2.4.2-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/cups-2.4.2-x86_64-1.txz

MD5 signatures:

Slackware 14.2 package:
3c17addc71e371da14b766ce85fded16 cups-2.1.4-i586-2_slack14.2.txz

Slackware x86_64 14.2 package:
63388c24be70aefd9622cdae977063dc cups-2.1.4-x86_64-2_slack14.2.txz

Slackware 15.0 package:
ce0065ce10075251b12dcf44017d424f cups-2.4.2-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
a03a14d13bb0836d29367d1c1b4ab147 cups-2.4.2-x86_64-1_slack15.0.txz

Slackware -current package:
7138f3693dda076727141db6947d8fdb ap/cups-2.4.2-i586-1.txz

Slackware x86_64 -current package:
ffba4dd7b2994e9e4b8b8bfc61e5c8c5 ap/cups-2.4.2-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg cups-2.4.2-i586-1_slack15.0.txz

Then, restart the cups server:
> sh /etc/rc.d/rc.cups restart

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

25.9%