Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-61915 (GCVE-0-2025-61915)
Vulnerability from cvelistv5 – Published: 2025-11-29 02:15 – Updated: 2025-12-03 15:52
VLAI
EPSS
Title
OpenPrinting CUPS vulnerable to stack based out-of-bound write
Summary
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
Severity
6 (Medium)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/OpenPrinting/cups/security/adv… | x_refsource_CONFIRM |
| https://github.com/OpenPrinting/cups/commit/db8d5… | x_refsource_MISC |
| https://github.com/OpenPrinting/cups/releases/tag… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenPrinting | cups |
Affected:
< 2.4.15
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-29T02:34:46.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/27/5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-61915",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:52:31.413369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:52:35.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cups",
"vendor": "OpenPrinting",
"versions": [
{
"status": "affected",
"version": "\u003c 2.4.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129: Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-124",
"description": "CWE-124: Buffer Underwrite (\u0027Buffer Underflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-29T02:15:39.913Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc"
},
{
"name": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0"
},
{
"name": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15"
}
],
"source": {
"advisory": "GHSA-hxm8-vfpq-jrfc",
"discovery": "UNKNOWN"
},
"title": "OpenPrinting CUPS vulnerable to stack based out-of-bound write"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-61915",
"datePublished": "2025-11-29T02:15:39.913Z",
"dateReserved": "2025-10-03T22:21:59.614Z",
"dateUpdated": "2025-12-03T15:52:35.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-61915",
"date": "2026-05-25",
"epss": "0.00048",
"percentile": "0.14978"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-61915\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-29T03:15:59.520\",\"lastModified\":\"2025-12-04T17:15:19.827\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-124\"},{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.15\",\"matchCriteriaId\":\"3D93D152-B5C1-4CD1-B7E9-785A55F3BE93\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A90CB3A-9BE7-475C-9E75-6ECAD2106302\"}]}]}],\"references\":[{\"url\":\"https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/OpenPrinting/cups/releases/tag/v2.4.15\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/11/27/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/11/27/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-29T02:34:46.323Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-61915\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-03T15:52:31.413369Z\"}}}], \"references\": [{\"url\": \"https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-03T15:52:27.440Z\"}}], \"cna\": {\"title\": \"OpenPrinting CUPS vulnerable to stack based out-of-bound write\", \"source\": {\"advisory\": \"GHSA-hxm8-vfpq-jrfc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"OpenPrinting\", \"product\": \"cups\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.4.15\"}]}], \"references\": [{\"url\": \"https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc\", \"name\": \"https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0\", \"name\": \"https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenPrinting/cups/releases/tag/v2.4.15\", \"name\": \"https://github.com/OpenPrinting/cups/releases/tag/v2.4.15\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-129\", \"description\": \"CWE-129: Improper Validation of Array Index\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-124\", \"description\": \"CWE-124: Buffer Underwrite (\u0027Buffer Underflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-29T02:15:39.913Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-61915\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-03T15:52:35.319Z\", \"dateReserved\": \"2025-10-03T22:21:59.614Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-29T02:15:39.913Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 | ||
| Microsoft | N/A | cbl2 grub2 2.06-15 | ||
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 | ||
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 | ||
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 | ||
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 nodejs 20.14.0-9 | ||
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 | ||
| Microsoft | N/A | azl3 grub2 2.06-25 | ||
| Microsoft | N/A | azl3 libxslt 1.1.43-1 | ||
| Microsoft | N/A | azl3 expat 2.6.4-2 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 | ||
| Microsoft | N/A | azl3 cups 2.4.13-1 | ||
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 | ||
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-5 | ||
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 | ||
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 | ||
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
CERTFR-2025-AVI-1064
Vulnerability from certfr_avis - Published: 2025-12-04 - Updated: 2025-12-04
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | cbl2 cups 2.3.3op2-10 | ||
| Microsoft | N/A | cbl2 grub2 2.06-15 | ||
| Microsoft | N/A | cbl2 nodejs18 18.20.3-9 | ||
| Microsoft | N/A | cbl2 fluent-bit versions antérieures à 3.0.6-5 | ||
| Microsoft | N/A | azl3 kernel versions antérieures à 6.6.117.1-1 | ||
| Microsoft | N/A | azl3 kubevirt 1.5.0-5 | ||
| Microsoft | N/A | cbl2 python-tensorboard 2.11.0-3 | ||
| Microsoft | N/A | azl3 nodejs 20.14.0-9 | ||
| Microsoft | N/A | azl3 glib versions antérieures à 2.78.6-5 | ||
| Microsoft | N/A | azl3 grub2 2.06-25 | ||
| Microsoft | N/A | azl3 libxslt 1.1.43-1 | ||
| Microsoft | N/A | azl3 expat 2.6.4-2 | ||
| Microsoft | N/A | azl3 python-tensorboard 2.16.2-6 | ||
| Microsoft | N/A | cbl2 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | cbl2 libxslt 1.1.34-8 | ||
| Microsoft | N/A | azl3 cups 2.4.13-1 | ||
| Microsoft | N/A | cbl2 haproxy versions antérieures à 2.4.24-2 | ||
| Microsoft | N/A | cbl2 kernel 5.15.186.1-1 | ||
| Microsoft | N/A | azl3 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | azl3 haproxy versions antérieures à 2.9.11-4 | ||
| Microsoft | N/A | azl3 tensorflow 2.16.1-9 | ||
| Microsoft | N/A | azl3 fluent-bit 3.1.9-6 | ||
| Microsoft | N/A | azl3 rsync versions antérieures à 3.4.1-2 | ||
| Microsoft | N/A | azl3 keras 3.3.3-5 | ||
| Microsoft | N/A | cbl2 libpng versions antérieures à 1.6.51-1 | ||
| Microsoft | N/A | cbl2 glib versions antérieures à 2.71.0-8 | ||
| Microsoft | N/A | cbl2 kubevirt versions antérieures à 0.59.0-31 | ||
| Microsoft | N/A | azl3 libvirt versions antérieures à 10.0.0-6 | ||
| Microsoft | N/A | cbl2 reaper 3.1.1-19 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 grub2 2.06-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 nodejs18 18.20.3-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 fluent-bit versions ant\u00e9rieures \u00e0 3.0.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel versions ant\u00e9rieures \u00e0 6.6.117.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kubevirt 1.5.0-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nodejs 20.14.0-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 glib versions ant\u00e9rieures \u00e0 2.78.6-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 grub2 2.06-25",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libxslt 1.1.43-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 expat 2.6.4-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libxslt 1.1.34-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 cups 2.4.13-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 haproxy versions ant\u00e9rieures \u00e0 2.4.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kernel 5.15.186.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 haproxy versions ant\u00e9rieures \u00e0 2.9.11-4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 fluent-bit 3.1.9-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 rsync versions ant\u00e9rieures \u00e0 3.4.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 keras 3.3.3-5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 libpng versions ant\u00e9rieures \u00e0 1.6.51-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 glib versions ant\u00e9rieures \u00e0 2.71.0-8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 kubevirt versions ant\u00e9rieures \u00e0 0.59.0-31",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 libvirt versions ant\u00e9rieures \u00e0 10.0.0-6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 reaper 3.1.1-19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-58436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2025-11731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11731"
},
{
"name": "CVE-2025-13226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13226"
},
{
"name": "CVE-2025-13193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13193"
},
{
"name": "CVE-2025-54770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54770"
},
{
"name": "CVE-2025-61915",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61915"
},
{
"name": "CVE-2025-61662",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61662"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-12977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12977"
},
{
"name": "CVE-2025-64505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
},
{
"name": "CVE-2025-61663",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61663"
},
{
"name": "CVE-2025-66382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66382"
},
{
"name": "CVE-2025-12970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12970"
},
{
"name": "CVE-2025-12638",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12638"
},
{
"name": "CVE-2025-64506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
},
{
"name": "CVE-2025-38656",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38656"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2025-40210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40210"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2025-64704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64704"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-10158",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10158"
},
{
"name": "CVE-2025-64713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64713"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2025-13230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13230"
},
{
"name": "CVE-2025-13601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
},
{
"name": "CVE-2025-54771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54771"
},
{
"name": "CVE-2025-40211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40211"
},
{
"name": "CVE-2025-13227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13227"
},
{
"name": "CVE-2025-64324",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64324"
},
{
"name": "CVE-2025-12969",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12969"
},
{
"name": "CVE-2025-11230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11230"
},
{
"name": "CVE-2025-61661",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61661"
},
{
"name": "CVE-2022-50233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50233"
},
{
"name": "CVE-2025-61664",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61664"
}
],
"initial_release_date": "2025-12-04T00:00:00",
"last_revision_date": "2025-12-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1064",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-12-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61661",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61661"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13230"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40210",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40210"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13227",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13227"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61915",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61915"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64720",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64720"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12816",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12816"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64704",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64704"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54770",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54770"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11731",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11731"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66221",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66221"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13601",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13601"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64713",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64713"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-65018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65018"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66030",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66030"
},
{
"published_at": "2025-11-22",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40211",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40211"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50233"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66382",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66382"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61664",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61664"
},
{
"published_at": "2025-11-30",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-58436",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-58436"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13193",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13193"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61662",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61662"
},
{
"published_at": "2025-11-28",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-38656",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-38656"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11230",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11230"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-54771",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-54771"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-13226",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-13226"
},
{
"published_at": "2025-12-03",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12638",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12638"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12970",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12970"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-66031",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-66031"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12977",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12977"
},
{
"published_at": "2025-11-21",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61663",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61663"
},
{
"published_at": "2025-11-29",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-12969",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12969"
},
{
"published_at": "2025-11-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64324",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64324"
},
{
"published_at": "2025-11-27",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64506",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64506"
},
{
"published_at": "2025-11-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10158",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10158"
},
{
"published_at": "2025-11-26",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-64505",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64505"
}
]
}
alsa-2026:0312
Vulnerability from osv_almalinux
Published
2026-01-08 00:00
Modified
2026-01-16 15:40
Summary
Moderate: cups security update
Details
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
Security Fix(es):
- CUPS: Local denial-of-service via cupsd.conf update and related issues (CVE-2025-61915)
- cups: Slow client communication leads to a possible DoS attack (CVE-2025-58436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "cups"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.3.3op2-34.el9_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "cups-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.3.3op2-34.el9_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "cups-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.3.3op2-34.el9_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "cups-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.3.3op2-34.el9_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "cups-ipptool"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.3.3op2-34.el9_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "cups-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.3.3op2-34.el9_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "cups-lpd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.3.3op2-34.el9_7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "cups-printerapp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.3.3op2-34.el9_7.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. \n\nSecurity Fix(es): \n\n * CUPS: Local denial-of-service via cupsd.conf update and related issues (CVE-2025-61915)\n * cups: Slow client communication leads to a possible DoS attack (CVE-2025-58436)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0312",
"modified": "2026-01-16T15:40:37Z",
"published": "2026-01-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0312"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-58436"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-61915"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416039"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416040"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2026-0312.html"
}
],
"related": [
"CVE-2025-61915",
"CVE-2025-58436"
],
"summary": "Moderate: cups security update"
}
alsa-2026:0464
Vulnerability from osv_almalinux
Published
2026-01-12 00:00
Modified
2026-01-16 15:20
Summary
Moderate: cups security update
Details
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
Security Fix(es):
- CUPS: Local denial-of-service via cupsd.conf update and related issues (CVE-2025-61915)
- cups: Slow client communication leads to a possible DoS attack (CVE-2025-58436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "cups"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.10-12.el10_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "cups-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.10-12.el10_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "cups-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.10-12.el10_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "cups-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.10-12.el10_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "cups-ipptool"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.10-12.el10_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "cups-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.10-12.el10_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "cups-lpd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.10-12.el10_1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:10",
"name": "cups-printerapp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.10-12.el10_1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. \n\nSecurity Fix(es): \n\n * CUPS: Local denial-of-service via cupsd.conf update and related issues (CVE-2025-61915)\n * cups: Slow client communication leads to a possible DoS attack (CVE-2025-58436)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0464",
"modified": "2026-01-16T15:20:45Z",
"published": "2026-01-12T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0464"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-58436"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-61915"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416039"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416040"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/10/ALSA-2026-0464.html"
}
],
"related": [
"CVE-2025-61915",
"CVE-2025-58436"
],
"summary": "Moderate: cups security update"
}
alsa-2026:0596
Vulnerability from osv_almalinux
Published
2026-01-14 00:00
Modified
2026-01-16 14:59
Summary
Moderate: cups security update
Details
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
Security Fix(es):
- CUPS: Local denial-of-service via cupsd.conf update and related issues (CVE-2025-61915)
- cups: Slow client communication leads to a possible DoS attack (CVE-2025-58436)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cups"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.2.6-66.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cups-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.2.6-66.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cups-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.2.6-66.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cups-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.2.6-66.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cups-ipptool"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.2.6-66.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cups-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.2.6-66.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "cups-lpd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.2.6-66.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. \n\nSecurity Fix(es): \n\n * CUPS: Local denial-of-service via cupsd.conf update and related issues (CVE-2025-61915)\n * cups: Slow client communication leads to a possible DoS attack (CVE-2025-58436)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2026:0596",
"modified": "2026-01-16T14:59:53Z",
"published": "2026-01-14T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2026:0596"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-58436"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-61915"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416039"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2416040"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2026-0596.html"
}
],
"related": [
"CVE-2025-61915",
"CVE-2025-58436"
],
"summary": "Moderate: cups security update"
}
FKIE_CVE-2025-61915
Vulnerability from fkie_nvd - Published: 2025-11-29 03:15 - Updated: 2025-12-04 17:15
Severity
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0 | Patch | |
| security-advisories@github.com | https://github.com/OpenPrinting/cups/releases/tag/v2.4.15 | Release Notes | |
| security-advisories@github.com | https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/11/27/5 | Mailing List, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openprinting | cups | * | |
| opengroup | unix | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D93D152-B5C1-4CD1-B7E9-785A55F3BE93",
"versionEndExcluding": "2.4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15."
}
],
"id": "CVE-2025-61915",
"lastModified": "2025-12-04T17:15:19.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-11-29T03:15:59.520",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.15"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/11/27/5"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-124"
},
{
"lang": "en",
"value": "CWE-129"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
MSRC_CVE-2025-61915
Vulnerability from csaf_microsoft - Published: 2025-11-02 00:00 - Updated: 2026-01-02 14:40Summary
OpenPrinting CUPS vulnerable to stack based out-of-bound write
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.0 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 20676-17084 | — | ||
| Unresolved product id: 20678-17086 | — | ||
| Unresolved product id: 20768-17086 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-61915.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "OpenPrinting CUPS vulnerable to stack based out-of-bound write",
"tracking": {
"current_release_date": "2026-01-02T14:40:04.000Z",
"generator": {
"date": "2026-01-02T21:02:43.449Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-61915",
"initial_release_date": "2025-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-11-30T01:01:30.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2025-12-01T14:38:40.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2025-12-03T01:01:36.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2025-12-07T01:39:54.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
},
{
"date": "2025-12-24T14:35:41.000Z",
"legacy_version": "5",
"number": "5",
"summary": "Information published."
},
{
"date": "2026-01-02T14:40:04.000Z",
"legacy_version": "6",
"number": "6",
"summary": "Information published."
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cups 2.4.13-1",
"product": {
"name": "\u003cazl3 cups 2.4.13-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 cups 2.4.13-1",
"product": {
"name": "azl3 cups 2.4.13-1",
"product_id": "20676"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 cups 2.3.3op2-10",
"product": {
"name": "\u003ccbl2 cups 2.3.3op2-10",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 cups 2.3.3op2-10",
"product": {
"name": "cbl2 cups 2.3.3op2-10",
"product_id": "20678"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 cups 2.3.3op2-11",
"product": {
"name": "\u003ccbl2 cups 2.3.3op2-11",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 cups 2.3.3op2-11",
"product": {
"name": "cbl2 cups 2.3.3op2-11",
"product_id": "20768"
}
}
],
"category": "product_name",
"name": "cups"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cups 2.4.13-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cups 2.4.13-1 as a component of Azure Linux 3.0",
"product_id": "20676-17084"
},
"product_reference": "20676",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cups 2.3.3op2-10 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cups 2.3.3op2-10 as a component of CBL Mariner 2.0",
"product_id": "20678-17086"
},
"product_reference": "20678",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cups 2.3.3op2-11 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cups 2.3.3op2-11 as a component of CBL Mariner 2.0",
"product_id": "20768-17086"
},
"product_reference": "20768",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61915",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20676-17084",
"20678-17086",
"20768-17086"
],
"known_affected": [
"17084-3",
"17086-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-61915.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-30T01:01:30.000Z",
"details": "2.4.16-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-11-30T01:01:30.000Z",
"details": "2.3.3op2-11:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"temporalScore": 6.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-3",
"17086-2",
"17086-1"
]
}
],
"title": "OpenPrinting CUPS vulnerable to stack based out-of-bound write"
}
]
}
OPENSUSE-SU-2026:10088-1
Vulnerability from csaf_opensuse - Published: 2026-01-26 00:00 - Updated: 2026-01-26 00:00Summary
cups-2.4.16-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: cups-2.4.16-1.1 on GA media
Description of the patch: These are all security issues fixed in the cups-2.4.16-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10088
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
40 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2025-58436/ | self |
| https://www.suse.com/security/cve/CVE-2025-61915/ | self |
| https://www.suse.com/security/cve/CVE-2025-58436 | external |
| https://bugzilla.suse.com/1244057 | external |
| https://www.suse.com/security/cve/CVE-2025-61915 | external |
| https://bugzilla.suse.com/1253783 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cups-2.4.16-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cups-2.4.16-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10088",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10088-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61915/"
}
],
"title": "cups-2.4.16-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-26T00:00:00Z",
"generator": {
"date": "2026-01-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10088-1",
"initial_release_date": "2026-01-26T00:00:00Z",
"revision_history": [
{
"date": "2026-01-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-1.1.aarch64",
"product": {
"name": "cups-2.4.16-1.1.aarch64",
"product_id": "cups-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-1.1.aarch64",
"product": {
"name": "cups-client-2.4.16-1.1.aarch64",
"product_id": "cups-client-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-1.1.aarch64",
"product": {
"name": "cups-config-2.4.16-1.1.aarch64",
"product_id": "cups-config-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-1.1.aarch64",
"product": {
"name": "cups-ddk-2.4.16-1.1.aarch64",
"product_id": "cups-ddk-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-1.1.aarch64",
"product": {
"name": "cups-devel-2.4.16-1.1.aarch64",
"product_id": "cups-devel-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-devel-32bit-2.4.16-1.1.aarch64",
"product": {
"name": "cups-devel-32bit-2.4.16-1.1.aarch64",
"product_id": "cups-devel-32bit-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-1.1.aarch64",
"product": {
"name": "libcups2-2.4.16-1.1.aarch64",
"product_id": "libcups2-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcups2-32bit-2.4.16-1.1.aarch64",
"product": {
"name": "libcups2-32bit-2.4.16-1.1.aarch64",
"product_id": "libcups2-32bit-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-1.1.aarch64",
"product": {
"name": "libcupsimage2-2.4.16-1.1.aarch64",
"product_id": "libcupsimage2-2.4.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-32bit-2.4.16-1.1.aarch64",
"product": {
"name": "libcupsimage2-32bit-2.4.16-1.1.aarch64",
"product_id": "libcupsimage2-32bit-2.4.16-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-1.1.ppc64le",
"product": {
"name": "cups-2.4.16-1.1.ppc64le",
"product_id": "cups-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-1.1.ppc64le",
"product": {
"name": "cups-client-2.4.16-1.1.ppc64le",
"product_id": "cups-client-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-1.1.ppc64le",
"product": {
"name": "cups-config-2.4.16-1.1.ppc64le",
"product_id": "cups-config-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-1.1.ppc64le",
"product": {
"name": "cups-ddk-2.4.16-1.1.ppc64le",
"product_id": "cups-ddk-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-1.1.ppc64le",
"product": {
"name": "cups-devel-2.4.16-1.1.ppc64le",
"product_id": "cups-devel-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-devel-32bit-2.4.16-1.1.ppc64le",
"product": {
"name": "cups-devel-32bit-2.4.16-1.1.ppc64le",
"product_id": "cups-devel-32bit-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-1.1.ppc64le",
"product": {
"name": "libcups2-2.4.16-1.1.ppc64le",
"product_id": "libcups2-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcups2-32bit-2.4.16-1.1.ppc64le",
"product": {
"name": "libcups2-32bit-2.4.16-1.1.ppc64le",
"product_id": "libcups2-32bit-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-1.1.ppc64le",
"product": {
"name": "libcupsimage2-2.4.16-1.1.ppc64le",
"product_id": "libcupsimage2-2.4.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"product": {
"name": "libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"product_id": "libcupsimage2-32bit-2.4.16-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-1.1.s390x",
"product": {
"name": "cups-2.4.16-1.1.s390x",
"product_id": "cups-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-1.1.s390x",
"product": {
"name": "cups-client-2.4.16-1.1.s390x",
"product_id": "cups-client-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-1.1.s390x",
"product": {
"name": "cups-config-2.4.16-1.1.s390x",
"product_id": "cups-config-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-1.1.s390x",
"product": {
"name": "cups-ddk-2.4.16-1.1.s390x",
"product_id": "cups-ddk-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-1.1.s390x",
"product": {
"name": "cups-devel-2.4.16-1.1.s390x",
"product_id": "cups-devel-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-devel-32bit-2.4.16-1.1.s390x",
"product": {
"name": "cups-devel-32bit-2.4.16-1.1.s390x",
"product_id": "cups-devel-32bit-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-1.1.s390x",
"product": {
"name": "libcups2-2.4.16-1.1.s390x",
"product_id": "libcups2-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcups2-32bit-2.4.16-1.1.s390x",
"product": {
"name": "libcups2-32bit-2.4.16-1.1.s390x",
"product_id": "libcups2-32bit-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-1.1.s390x",
"product": {
"name": "libcupsimage2-2.4.16-1.1.s390x",
"product_id": "libcupsimage2-2.4.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcupsimage2-32bit-2.4.16-1.1.s390x",
"product": {
"name": "libcupsimage2-32bit-2.4.16-1.1.s390x",
"product_id": "libcupsimage2-32bit-2.4.16-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-1.1.x86_64",
"product": {
"name": "cups-2.4.16-1.1.x86_64",
"product_id": "cups-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-1.1.x86_64",
"product": {
"name": "cups-client-2.4.16-1.1.x86_64",
"product_id": "cups-client-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-1.1.x86_64",
"product": {
"name": "cups-config-2.4.16-1.1.x86_64",
"product_id": "cups-config-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-1.1.x86_64",
"product": {
"name": "cups-ddk-2.4.16-1.1.x86_64",
"product_id": "cups-ddk-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-1.1.x86_64",
"product": {
"name": "cups-devel-2.4.16-1.1.x86_64",
"product_id": "cups-devel-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-devel-32bit-2.4.16-1.1.x86_64",
"product": {
"name": "cups-devel-32bit-2.4.16-1.1.x86_64",
"product_id": "cups-devel-32bit-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-1.1.x86_64",
"product": {
"name": "libcups2-2.4.16-1.1.x86_64",
"product_id": "libcups2-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcups2-32bit-2.4.16-1.1.x86_64",
"product": {
"name": "libcups2-32bit-2.4.16-1.1.x86_64",
"product_id": "libcups2-32bit-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-1.1.x86_64",
"product": {
"name": "libcupsimage2-2.4.16-1.1.x86_64",
"product_id": "libcupsimage2-2.4.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-32bit-2.4.16-1.1.x86_64",
"product": {
"name": "libcupsimage2-32bit-2.4.16-1.1.x86_64",
"product_id": "libcupsimage2-32bit-2.4.16-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64"
},
"product_reference": "cups-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le"
},
"product_reference": "cups-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-2.4.16-1.1.s390x"
},
"product_reference": "cups-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64"
},
"product_reference": "cups-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64"
},
"product_reference": "cups-client-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le"
},
"product_reference": "cups-client-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x"
},
"product_reference": "cups-client-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64"
},
"product_reference": "cups-client-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64"
},
"product_reference": "cups-config-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le"
},
"product_reference": "cups-config-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x"
},
"product_reference": "cups-config-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64"
},
"product_reference": "cups-config-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64"
},
"product_reference": "cups-ddk-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le"
},
"product_reference": "cups-ddk-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x"
},
"product_reference": "cups-ddk-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64"
},
"product_reference": "cups-ddk-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64"
},
"product_reference": "cups-devel-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le"
},
"product_reference": "cups-devel-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x"
},
"product_reference": "cups-devel-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64"
},
"product_reference": "cups-devel-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-32bit-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64"
},
"product_reference": "cups-devel-32bit-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-32bit-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le"
},
"product_reference": "cups-devel-32bit-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-32bit-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x"
},
"product_reference": "cups-devel-32bit-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-32bit-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64"
},
"product_reference": "cups-devel-32bit-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64"
},
"product_reference": "libcups2-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le"
},
"product_reference": "libcups2-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x"
},
"product_reference": "libcups2-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64"
},
"product_reference": "libcups2-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-32bit-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64"
},
"product_reference": "libcups2-32bit-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-32bit-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le"
},
"product_reference": "libcups2-32bit-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-32bit-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x"
},
"product_reference": "libcups2-32bit-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-32bit-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64"
},
"product_reference": "libcups2-32bit-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64"
},
"product_reference": "libcupsimage2-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le"
},
"product_reference": "libcupsimage2-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x"
},
"product_reference": "libcupsimage2-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64"
},
"product_reference": "libcupsimage2-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-32bit-2.4.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64"
},
"product_reference": "libcupsimage2-32bit-2.4.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-32bit-2.4.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le"
},
"product_reference": "libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-32bit-2.4.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x"
},
"product_reference": "libcupsimage2-32bit-2.4.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-32bit-2.4.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64"
},
"product_reference": "libcupsimage2-32bit-2.4.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58436"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58436",
"url": "https://www.suse.com/security/cve/CVE-2025-58436"
},
{
"category": "external",
"summary": "SUSE Bug 1244057 for CVE-2025-58436",
"url": "https://bugzilla.suse.com/1244057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58436"
},
{
"cve": "CVE-2025-61915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61915"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61915",
"url": "https://www.suse.com/security/cve/CVE-2025-61915"
},
{
"category": "external",
"summary": "SUSE Bug 1253783 for CVE-2025-61915",
"url": "https://bugzilla.suse.com/1253783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-client-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-config-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-ddk-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.4.16-1.1.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.4.16-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-61915"
}
]
}
OPENSUSE-SU-2026:20172-1
Vulnerability from csaf_opensuse - Published: 2026-02-04 11:37 - Updated: 2026-02-04 11:37Summary
Security update for cups
Severity
Critical
Notes
Title of the patch: Security update for cups
Description of the patch: This update for cups fixes the following issues:
Update to version 2.4.16.
Security issues fixed:
- CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783).
- CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128).
- CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049).
Other updates and bugfixes:
- Version upgrade to 2.4.16:
* 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences,
potentially reading past the end of the source string
(Issue #1438)
* The web interface did not support domain usernames fully
(Issue #1441)
* Fixed an infinite loop issue in the GTK+ print dialog
(Issue #1439 boo#1254353)
* Fixed stopping scheduler on unknown directive in
configuration (Issue #1443)
* Fixed packages for Immutable Mode (jsc#PED-14775
from epic jsc#PED-14688)
- Version upgrade to 2.4.15:
* Fixed potential crash in 'cups-driverd' when there are
duplicate PPDs (Issue #1355)
* Fixed error recovery when scanning for PPDs
in 'cups-driverd' (Issue #1416)
- Version upgrade to 2.4.14.
- Version upgrade to 2.4.13:
* Added 'print-as-raster' printer and job attributes
for forcing rasterization (Issue #1282)
* Updated documentation (Issue #1086)
* Updated IPP backend to try a sanitized user name if the
printer/server does not like the value (Issue #1145)
* Updated the scheduler to send the "printer-added"
or "printer-modified" events whenever an IPP Everywhere PPD
is installed (Issue #1244)
* Updated the scheduler to send the "printer-modified" event
whenever the system default printer is changed (Issue #1246)
* Fixed a memory leak in 'httpClose' (Issue #1223)
* Fixed missing commas in 'ippCreateRequestedArray'
(Issue #1234)
* Fixed subscription issues in the scheduler and D-Bus notifier
(Issue #1235)
* Fixed media-default reporting for custom sizes (Issue #1238)
* Fixed support for IPP/PPD options with periods or underscores
(Issue #1249)
* Fixed parsing of real numbers in PPD compiler source files
(Issue #1263)
* Fixed scheduler freezing with zombie clients (Issue #1264)
* Fixed support for the server name in the ErrorLog filename
(Issue #1277)
* Fixed job cleanup after daemon restart (Issue #1315)
* Fixed handling of buggy DYMO USB printer serial numbers
(Issue #1338)
* Fixed unreachable block in IPP backend (Issue #1351)
* Fixed memory leak in _cupsConvertOptions (Issue #1354)
- Version upgrade to 2.4.12:
* GnuTLS follows system crypto policies now (Issue #1105)
* Added `NoSystem` SSLOptions value (Issue #1130)
* Now we raise alert for certificate issues (Issue #1194)
* Added Kyocera USB quirk (Issue #1198)
* The scheduler now logs a job's debugging history
if the backend fails (Issue #1205)
* Fixed a potential timing issue with `cupsEnumDests`
(Issue #1084)
* Fixed a potential "lost PPD" condition in the scheduler
(Issue #1109)
* Fixed a compressed file error handling bug (Issue #1070)
* Fixed a bug in the make-and-model whitespace trimming
code (Issue #1096)
* Fixed a removal of IPP Everywhere permanent queue
if installation failed (Issue #1102)
* Fixed `ServerToken None` in scheduler (Issue #1111)
* Fixed invalid IPP keyword values created from PPD
option names (Issue #1118)
* Fixed handling of "media" and "PageSize" in the same
print request (Issue #1125)
* Fixed client raster printing from macOS (Issue #1143)
* Fixed the default User-Agent string.
* Fixed a recursion issue in `ippReadIO`.
* Fixed handling incorrect radix in `scan_ps()` (Issue #1188)
* Fixed validation of dateTime values with time zones
more than UTC+11 (Issue #1201)
* Fixed attributes returned by the Create-Xxx-Subscriptions
requests (Issue #1204)
* Fixed `ippDateToTime` when using a non GMT/UTC timezone
(Issue #1208)
* Fixed `job-completed` event notifications for jobs that are
cancelled before started (Issue #1209)
* Fixed DNS-SD discovery with `ippfind` (Issue #1211)
Patchnames: openSUSE-Leap-16.0-242
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
19 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://bugzilla.suse.com/1244057 | self |
| https://bugzilla.suse.com/1249049 | self |
| https://bugzilla.suse.com/1249128 | self |
| https://bugzilla.suse.com/1253783 | self |
| https://bugzilla.suse.com/1254353 | self |
| https://www.suse.com/security/cve/CVE-2025-58060/ | self |
| https://www.suse.com/security/cve/CVE-2025-58364/ | self |
| https://www.suse.com/security/cve/CVE-2025-58436/ | self |
| https://www.suse.com/security/cve/CVE-2025-61915/ | self |
| https://www.suse.com/security/cve/CVE-2025-58060 | external |
| https://bugzilla.suse.com/1249049 | external |
| https://www.suse.com/security/cve/CVE-2025-58364 | external |
| https://bugzilla.suse.com/1249128 | external |
| https://www.suse.com/security/cve/CVE-2025-58436 | external |
| https://bugzilla.suse.com/1244057 | external |
| https://www.suse.com/security/cve/CVE-2025-61915 | external |
| https://bugzilla.suse.com/1253783 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cups",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cups fixes the following issues:\n\nUpdate to version 2.4.16.\n\nSecurity issues fixed:\n\n- CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783).\n- CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057).\n- CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128).\n- CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049).\n\nOther updates and bugfixes:\n\n- Version upgrade to 2.4.16:\n\n * \u0027cupsUTF8ToCharset\u0027 didn\u0027t validate 2-byte UTF-8 sequences,\n potentially reading past the end of the source string\n (Issue #1438)\n * The web interface did not support domain usernames fully\n (Issue #1441)\n * Fixed an infinite loop issue in the GTK+ print dialog\n (Issue #1439 boo#1254353)\n * Fixed stopping scheduler on unknown directive in\n configuration (Issue #1443)\n * Fixed packages for Immutable Mode (jsc#PED-14775\n from epic jsc#PED-14688)\n\n- Version upgrade to 2.4.15:\n\n * Fixed potential crash in \u0027cups-driverd\u0027 when there are\n duplicate PPDs (Issue #1355)\n * Fixed error recovery when scanning for PPDs\n in \u0027cups-driverd\u0027 (Issue #1416)\n\n- Version upgrade to 2.4.14.\n\n- Version upgrade to 2.4.13:\n\n * Added \u0027print-as-raster\u0027 printer and job attributes\n for forcing rasterization (Issue #1282)\n * Updated documentation (Issue #1086)\n * Updated IPP backend to try a sanitized user name if the\n printer/server does not like the value (Issue #1145)\n * Updated the scheduler to send the \"printer-added\"\n or \"printer-modified\" events whenever an IPP Everywhere PPD\n is installed (Issue #1244)\n * Updated the scheduler to send the \"printer-modified\" event\n whenever the system default printer is changed (Issue #1246)\n * Fixed a memory leak in \u0027httpClose\u0027 (Issue #1223)\n * Fixed missing commas in \u0027ippCreateRequestedArray\u0027\n (Issue #1234)\n * Fixed subscription issues in the scheduler and D-Bus notifier\n (Issue #1235)\n * Fixed media-default reporting for custom sizes (Issue #1238)\n * Fixed support for IPP/PPD options with periods or underscores\n (Issue #1249)\n * Fixed parsing of real numbers in PPD compiler source files\n (Issue #1263)\n * Fixed scheduler freezing with zombie clients (Issue #1264)\n * Fixed support for the server name in the ErrorLog filename\n (Issue #1277)\n * Fixed job cleanup after daemon restart (Issue #1315)\n * Fixed handling of buggy DYMO USB printer serial numbers\n (Issue #1338)\n * Fixed unreachable block in IPP backend (Issue #1351)\n * Fixed memory leak in _cupsConvertOptions (Issue #1354)\n\n- Version upgrade to 2.4.12:\n\n * GnuTLS follows system crypto policies now (Issue #1105)\n * Added `NoSystem` SSLOptions value (Issue #1130)\n * Now we raise alert for certificate issues (Issue #1194)\n * Added Kyocera USB quirk (Issue #1198)\n * The scheduler now logs a job\u0027s debugging history\n if the backend fails (Issue #1205)\n * Fixed a potential timing issue with `cupsEnumDests`\n (Issue #1084)\n * Fixed a potential \"lost PPD\" condition in the scheduler\n (Issue #1109)\n * Fixed a compressed file error handling bug (Issue #1070)\n * Fixed a bug in the make-and-model whitespace trimming\n code (Issue #1096)\n * Fixed a removal of IPP Everywhere permanent queue\n if installation failed (Issue #1102)\n * Fixed `ServerToken None` in scheduler (Issue #1111)\n * Fixed invalid IPP keyword values created from PPD\n option names (Issue #1118)\n * Fixed handling of \"media\" and \"PageSize\" in the same\n print request (Issue #1125)\n * Fixed client raster printing from macOS (Issue #1143)\n * Fixed the default User-Agent string.\n * Fixed a recursion issue in `ippReadIO`.\n * Fixed handling incorrect radix in `scan_ps()` (Issue #1188)\n * Fixed validation of dateTime values with time zones\n more than UTC+11 (Issue #1201)\n * Fixed attributes returned by the Create-Xxx-Subscriptions\n requests (Issue #1204)\n * Fixed `ippDateToTime` when using a non GMT/UTC timezone\n (Issue #1208)\n * Fixed `job-completed` event notifications for jobs that are\n cancelled before started (Issue #1209)\n * Fixed DNS-SD discovery with `ippfind` (Issue #1211)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-242",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20172-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1244057",
"url": "https://bugzilla.suse.com/1244057"
},
{
"category": "self",
"summary": "SUSE Bug 1249049",
"url": "https://bugzilla.suse.com/1249049"
},
{
"category": "self",
"summary": "SUSE Bug 1249128",
"url": "https://bugzilla.suse.com/1249128"
},
{
"category": "self",
"summary": "SUSE Bug 1253783",
"url": "https://bugzilla.suse.com/1253783"
},
{
"category": "self",
"summary": "SUSE Bug 1254353",
"url": "https://bugzilla.suse.com/1254353"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61915/"
}
],
"title": "Security update for cups",
"tracking": {
"current_release_date": "2026-02-04T11:37:13Z",
"generator": {
"date": "2026-02-04T11:37:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20172-1",
"initial_release_date": "2026-02-04T11:37:13Z",
"revision_history": [
{
"date": "2026-02-04T11:37:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-2.4.16-160000.1.1.aarch64",
"product_id": "cups-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-client-2.4.16-160000.1.1.aarch64",
"product_id": "cups-client-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-config-2.4.16-160000.1.1.aarch64",
"product_id": "cups-config-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-ddk-2.4.16-160000.1.1.aarch64",
"product_id": "cups-ddk-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-devel-2.4.16-160000.1.1.aarch64",
"product_id": "cups-devel-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-160000.1.1.aarch64",
"product": {
"name": "libcups2-2.4.16-160000.1.1.aarch64",
"product_id": "libcups2-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-160000.1.1.aarch64",
"product": {
"name": "libcupsimage2-2.4.16-160000.1.1.aarch64",
"product_id": "libcupsimage2-2.4.16-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-client-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-client-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-config-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-config-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-ddk-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-ddk-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-devel-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-devel-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "libcups2-2.4.16-160000.1.1.ppc64le",
"product_id": "libcups2-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "libcupsimage2-2.4.16-160000.1.1.ppc64le",
"product_id": "libcupsimage2-2.4.16-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-2.4.16-160000.1.1.s390x",
"product_id": "cups-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-client-2.4.16-160000.1.1.s390x",
"product_id": "cups-client-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-config-2.4.16-160000.1.1.s390x",
"product_id": "cups-config-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-ddk-2.4.16-160000.1.1.s390x",
"product_id": "cups-ddk-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-devel-2.4.16-160000.1.1.s390x",
"product_id": "cups-devel-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-160000.1.1.s390x",
"product": {
"name": "libcups2-2.4.16-160000.1.1.s390x",
"product_id": "libcups2-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-160000.1.1.s390x",
"product": {
"name": "libcupsimage2-2.4.16-160000.1.1.s390x",
"product_id": "libcupsimage2-2.4.16-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-2.4.16-160000.1.1.x86_64",
"product_id": "cups-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-client-2.4.16-160000.1.1.x86_64",
"product_id": "cups-client-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-config-2.4.16-160000.1.1.x86_64",
"product_id": "cups-config-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-ddk-2.4.16-160000.1.1.x86_64",
"product_id": "cups-ddk-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-devel-2.4.16-160000.1.1.x86_64",
"product_id": "cups-devel-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-160000.1.1.x86_64",
"product": {
"name": "libcups2-2.4.16-160000.1.1.x86_64",
"product_id": "libcups2-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-160000.1.1.x86_64",
"product": {
"name": "libcupsimage2-2.4.16-160000.1.1.x86_64",
"product_id": "libcupsimage2-2.4.16-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-client-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-client-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-client-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-client-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-config-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-config-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-config-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-config-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-ddk-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-ddk-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-ddk-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-ddk-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-devel-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-devel-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-devel-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-devel-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64"
},
"product_reference": "libcups2-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "libcups2-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x"
},
"product_reference": "libcups2-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64"
},
"product_reference": "libcups2-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64"
},
"product_reference": "libcupsimage2-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "libcupsimage2-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x"
},
"product_reference": "libcupsimage2-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
},
"product_reference": "libcupsimage2-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58060"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58060",
"url": "https://www.suse.com/security/cve/CVE-2025-58060"
},
{
"category": "external",
"summary": "SUSE Bug 1249049 for CVE-2025-58060",
"url": "https://bugzilla.suse.com/1249049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-04T11:37:13Z",
"details": "important"
}
],
"title": "CVE-2025-58060"
},
{
"cve": "CVE-2025-58364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58364"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups \u0026 cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector \"Network\" is possible. The current versions of CUPS and cups-browsed projects have the attack vector \"Adjacent\" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58364",
"url": "https://www.suse.com/security/cve/CVE-2025-58364"
},
{
"category": "external",
"summary": "SUSE Bug 1249128 for CVE-2025-58364",
"url": "https://bugzilla.suse.com/1249128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-04T11:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-58364"
},
{
"cve": "CVE-2025-58436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58436"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58436",
"url": "https://www.suse.com/security/cve/CVE-2025-58436"
},
{
"category": "external",
"summary": "SUSE Bug 1244057 for CVE-2025-58436",
"url": "https://bugzilla.suse.com/1244057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-04T11:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-58436"
},
{
"cve": "CVE-2025-61915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61915"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61915",
"url": "https://www.suse.com/security/cve/CVE-2025-61915"
},
{
"category": "external",
"summary": "SUSE Bug 1253783 for CVE-2025-61915",
"url": "https://bugzilla.suse.com/1253783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-04T11:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-61915"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…