You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa cups

Sigurnosni nedostatak programskog paketa cups

by - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3842-1
December 10, 2018

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

CUPS could be made to expose sensitive information.

Software Description:
– cups: Common UNIX Printing System(tm)

Details:

Jann Horn discovered that CUPS incorrectly handled session cookie
randomness. A remote attacker could possibly use this issue to perform
cross-site request forgery (CSRF) attacks.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
cups 2.2.8-5ubuntu1.1

Ubuntu 18.04 LTS:
cups 2.2.7-1ubuntu2.2

Ubuntu 16.04 LTS:
cups 2.1.3-4ubuntu0.6

Ubuntu 14.04 LTS:
cups 1.7.2-0ubuntu1.11

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3842-1
CVE-2018-4700

Package Information:
https://launchpad.net/ubuntu/+source/cups/2.2.8-5ubuntu1.1
https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.2
https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.6
https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.11

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlwOmrEACgkQZWnYVadE
vpNVpg/5AeBd1WzDHfWiM8TzsUqGFrJSQj0aXUGb9s6277AlE13In78fWQj0y7Eu
qpRG9Z+xmdCvarb9U+luYRKPusPjchew2PsDUS3ceOQyP4lRM9BG+EUevg57JJlK
nfPHtj7aspmaZMN6M4L9hLcnDLz5fcP9MrOzgYWDsuh3UHiQSWEHVAlJtcQwW34O
4FqcPM/gnk6NbmfdUsY06vZMQBEOjEp2K7Q+gdeaO43M9NWQO1zdmHD4ap/22pz4
UvM6mzuTyMVfxTwakEhWIFUti6SfYFX3sdpf2eq24vaQ+QLfmPi95nQwZ2Un1oW/
lnO8fy9DygJIHNmGfkhD4meDxk0/4FdMRNB8qxXwpYyyO0A7pKAzl/yh5fTpFlWy
93AnMBxEj3gVRLid9LheF8CLWPIc+HByG6b61w3pjQeLI84NylU60UBoxVf9/KaM
bT0IdDL1sq6noJej4uc6d+FtWIXqF14XUvCQeGDBi0iPNAMzq31uIOzX5SpXIvXr
6+Gjh24l4luw5p4zbWHiwMIAx1XpPFE61qhoZtDnEClsQ6TzzIiZ9bxplQfAilTW
QZ4vrLaj4sFceVVcowqqkUdME9fwKSXWo9nZ9hXtXncfB0Pv1UtWiO7Q0A1T3Q2h
syq3H/HBpE4KxAtY71V+lSPqebw+mIeJ3V0PVjIPslP80H4mnaQ=
=/zDh
—–END PGP SIGNATURE—–

AutorToni Vugdelija
Cert idNCERT-REF-2018-12-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programske biblioteke lxml

Otkriven je sigurnosni nedostatak programske biblioteke lxml za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje XSS napada. Savjetuje...

Close