Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-18248 (GCVE-0-2017-18248)
Vulnerability from cvelistv5
Published
2018-03-26 17:00
Modified
2024-08-05 21:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:13:49.207Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180526 [SECURITY] [DLA 1387-1] cups security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apple/cups/issues/5143"
},
{
"name": "[debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"name": "USN-3713-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3713-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-12T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20180526 [SECURITY] [DLA 1387-1] cups security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apple/cups/issues/5143"
},
{
"name": "[debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"name": "USN-3713-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3713-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180526 [SECURITY] [DLA 1387-1] cups security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"name": "https://github.com/apple/cups/issues/5143",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/issues/5143"
},
{
"name": "[debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"name": "USN-3713-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3713-1/"
},
{
"name": "https://security.cucumberlinux.com/security/details.php?id=346",
"refsource": "MISC",
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"name": "https://github.com/apple/cups/releases/tag/v2.2.6",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"name": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-18248",
"datePublished": "2018-03-26T17:00:00",
"dateReserved": "2018-03-26T00:00:00",
"dateUpdated": "2024-08-05T21:13:49.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2017-18248\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-03-26T17:29:00.207\",\"lastModified\":\"2024-11-21T03:19:40.680\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n add_job en scheduler/ipp.c en CUPS, en versiones anteriores a la 2.2.6, cuando un soporte D-Bus est\u00e1 habilitado, podr\u00eda experimentar un cierre inesperado llevado a cabo por atacantes remotos mediante el env\u00edo de tareas de impresi\u00f3n con un nombre de usuario no v\u00e1lido. Esto est\u00e1 relacionado con una notificaci\u00f3n D-Bus.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:N/A:P\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.2.6\",\"matchCriteriaId\":\"6A17CA65-4B96-400E-B3EE-EA8D32F0AB63\"}]}]}],\"references\":[{\"url\":\"https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apple/cups/issues/5143\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apple/cups/releases/tag/v2.2.6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.cucumberlinux.com/security/details.php?id=346\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3713-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apple/cups/issues/5143\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apple/cups/releases/tag/v2.2.6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.cucumberlinux.com/security/details.php?id=346\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3713-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
fkie_cve-2017-18248
Vulnerability from fkie_nvd
Published
2018-03-26 17:29
Modified
2024-11-21 03:19
Severity ?
Summary
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A17CA65-4B96-400E-B3EE-EA8D32F0AB63",
"versionEndExcluding": "2.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification."
},
{
"lang": "es",
"value": "La funci\u00f3n add_job en scheduler/ipp.c en CUPS, en versiones anteriores a la 2.2.6, cuando un soporte D-Bus est\u00e1 habilitado, podr\u00eda experimentar un cierre inesperado llevado a cabo por atacantes remotos mediante el env\u00edo de tareas de impresi\u00f3n con un nombre de usuario no v\u00e1lido. Esto est\u00e1 relacionado con una notificaci\u00f3n D-Bus."
}
],
"id": "CVE-2017-18248",
"lastModified": "2024-11-21T03:19:40.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-26T17:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/issues/5143"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3713-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/issues/5143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3713-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2017-18248
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-18248",
"description": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.",
"id": "GSD-2017-18248",
"references": [
"https://www.suse.com/security/cve/CVE-2017-18248.html",
"https://ubuntu.com/security/CVE-2017-18248",
"https://advisories.mageia.org/CVE-2017-18248.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-18248"
],
"details": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.",
"id": "GSD-2017-18248",
"modified": "2023-12-13T01:21:11.051767Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180526 [SECURITY] [DLA 1387-1] cups security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"name": "https://github.com/apple/cups/issues/5143",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/issues/5143"
},
{
"name": "[debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"name": "USN-3713-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3713-1/"
},
{
"name": "https://security.cucumberlinux.com/security/details.php?id=346",
"refsource": "MISC",
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"name": "https://github.com/apple/cups/releases/tag/v2.2.6",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"name": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
"refsource": "CONFIRM",
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:cups:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.2.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18248"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/apple/cups/releases/tag/v2.2.6",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"name": "https://github.com/apple/cups/issues/5143",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/issues/5143"
},
{
"name": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
},
{
"name": "https://security.cucumberlinux.com/security/details.php?id=346",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"name": "[debian-lts-announce] 20180526 [SECURITY] [DLA 1387-1] cups security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20180703 [SECURITY] [DLA 1412-1] cups security update",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"name": "USN-3713-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/3713-1/"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-07-13T01:29Z",
"publishedDate": "2018-03-26T17:29Z"
}
}
}
var-201803-1130
Vulnerability from variot
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. CUPS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in the 'add_job' function in Apple CUPS versions prior to 2.2.6. ========================================================================== Ubuntu Security Notice USN-3713-1 July 11, 2018
cups vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in CUPS. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248)
Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180)
Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181)
Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: cups 2.2.7-1ubuntu2.1
Ubuntu 17.10: cups 2.2.4-7ubuntu3.1
Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.5
Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.10
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/usn/usn-3713-1 CVE-2017-18248, CVE-2018-4180, CVE-2018-4181, CVE-2018-6553
Package Information: https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1 https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1 https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5 https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cups",
"scope": "lt",
"trust": 1.8,
"vendor": "apple",
"version": "2.2.6"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.2.3"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.7.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.2.4"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.7.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.2.5"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.7.2"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.1"
},
{
"model": "cups",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "1.7.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-933"
},
{
"db": "NVD",
"id": "CVE-2017-18248"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:cups",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "148510"
}
],
"trust": 0.1
},
"cve": "CVE-2017-18248",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CVE-2017-18248",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-109351",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"id": "CVE-2017-18248",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-18248",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-18248",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-933",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-109351",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-933"
},
{
"db": "NVD",
"id": "CVE-2017-18248"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. CUPS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in the \u0027add_job\u0027 function in Apple CUPS versions prior to 2.2.6. ==========================================================================\nUbuntu Security Notice USN-3713-1\nJuly 11, 2018\n\ncups vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n- Ubuntu 17.10\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in CUPS. A remote attacker could possibly use this issue to cause\nCUPS to crash, resulting in a denial of service. This issue only affected\nUbuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248)\n\nDan Bastone discovered that the CUPS dnssd backend incorrectly handled\ncertain environment variables. A local attacker could possibly use this\nissue to escalate privileges. (CVE-2018-4180)\n\nEric Rafaloff and John Dunlap discovered that CUPS incorrectly handled\ncertain include directives. A local attacker could possibly use this issue\nto read arbitrary files. (CVE-2018-4181)\n\nDan Bastone discovered that the CUPS AppArmor profile incorrectly confined\nthe dnssd backend. A local attacker could possibly use this issue to escape\nconfinement. (CVE-2018-6553)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n cups 2.2.7-1ubuntu2.1\n\nUbuntu 17.10:\n cups 2.2.4-7ubuntu3.1\n\nUbuntu 16.04 LTS:\n cups 2.1.3-4ubuntu0.5\n\nUbuntu 14.04 LTS:\n cups 1.7.2-0ubuntu1.10\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n https://usn.ubuntu.com/usn/usn-3713-1\n CVE-2017-18248, CVE-2018-4180, CVE-2018-4181, CVE-2018-6553\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1\n https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1\n https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5\n https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-18248"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"db": "VULHUB",
"id": "VHN-109351"
},
{
"db": "PACKETSTORM",
"id": "148510"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-18248",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013048",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-933",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "148510",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-109351",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"db": "PACKETSTORM",
"id": "148510"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-933"
},
{
"db": "NVD",
"id": "CVE-2017-18248"
}
]
},
"id": "VAR-201803-1130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-109351"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:25:34.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DBUS notifications could crash the scheduler (Issue #5143)",
"trust": 0.8,
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
},
{
"title": "Remote DoS attack against cupsd via invalid username and malicious D-Bus library #5143",
"trust": 0.8,
"url": "https://github.com/apple/cups/issues/5143"
},
{
"title": "Releases: v2.2.6",
"trust": 0.8,
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"title": "Apple CUPS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79426"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-933"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"db": "NVD",
"id": "CVE-2017-18248"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
},
{
"trust": 1.7,
"url": "https://github.com/apple/cups/issues/5143"
},
{
"trust": 1.7,
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"trust": 1.1,
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"trust": 1.1,
"url": "https://usn.ubuntu.com/3713-1/"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-18248"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18248"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6553"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/usn/usn-3713-1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4180"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-4181"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-109351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"db": "PACKETSTORM",
"id": "148510"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-933"
},
{
"db": "NVD",
"id": "CVE-2017-18248"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-109351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"db": "PACKETSTORM",
"id": "148510"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-933"
},
{
"db": "NVD",
"id": "CVE-2017-18248"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-109351"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"date": "2018-07-11T22:07:12",
"db": "PACKETSTORM",
"id": "148510"
},
{
"date": "2018-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-933"
},
{
"date": "2018-03-26T17:29:00.207000",
"db": "NVD",
"id": "CVE-2017-18248"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-109351"
},
{
"date": "2018-05-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013048"
},
{
"date": "2018-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-933"
},
{
"date": "2024-11-21T03:19:40.680000",
"db": "NVD",
"id": "CVE-2017-18248"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-933"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CUPS Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013048"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-933"
}
],
"trust": 0.6
}
}
cnvd-2018-06858
Vulnerability from cnvd
Title: CUPS拒绝服务漏洞
Description:
Apple CUPS(Common Unix Printing System)是美国苹果(Apple)公司的一套开源的用于OS X和类Unix系统的打印系统。该系统基于Internet打印协议(IPP),提供大多数PostScript和raster打印机服务。
Apple CUPS 2.2.6之前版本中的‘add_job’函数存在安全漏洞。远程攻击者可通过发送带有无效用户名的打印请求利用该漏洞造成拒绝服务(崩溃)。
Severity: 中
Patch Name: CUPS拒绝服务漏洞的补丁
Patch Description:
Apple CUPS(Common Unix Printing System)是美国苹果(Apple)公司的一套开源的用于OS X和类Unix系统的打印系统。该系统基于Internet打印协议(IPP),提供大多数PostScript和raster打印机服务。
Apple CUPS 2.2.6之前版本中的‘add_job’函数存在安全漏洞。远程攻击者可通过发送带有无效用户名的打印请求利用该漏洞造成拒绝服务(崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
厂商已发布漏洞修复程序,请及时关注更新: https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-18248
Impacted products
| Name | Apple CUPS <2.2.6 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-18248"
}
},
"description": "Apple CUPS\uff08Common Unix Printing System\uff09\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7528\u4e8eOS X\u548c\u7c7bUnix\u7cfb\u7edf\u7684\u6253\u5370\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u57fa\u4e8eInternet\u6253\u5370\u534f\u8bae\uff08IPP\uff09\uff0c\u63d0\u4f9b\u5927\u591a\u6570PostScript\u548craster\u6253\u5370\u673a\u670d\u52a1\u3002\r\n\r\nApple CUPS 2.2.6\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u2018add_job\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5e26\u6709\u65e0\u6548\u7528\u6237\u540d\u7684\u6253\u5370\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002",
"discovererName": "Unknow",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-06858",
"openTime": "2018-04-02",
"patchDescription": "Apple CUPS\uff08Common Unix Printing System\uff09\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u7528\u4e8eOS X\u548c\u7c7bUnix\u7cfb\u7edf\u7684\u6253\u5370\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u57fa\u4e8eInternet\u6253\u5370\u534f\u8bae\uff08IPP\uff09\uff0c\u63d0\u4f9b\u5927\u591a\u6570PostScript\u548craster\u6253\u5370\u673a\u670d\u52a1\u3002\r\n\r\nApple CUPS 2.2.6\u4e4b\u524d\u7248\u672c\u4e2d\u7684\u2018add_job\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u5e26\u6709\u65e0\u6548\u7528\u6237\u540d\u7684\u6253\u5370\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "CUPS\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Apple CUPS \u003c2.2.6"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18248",
"serverity": "\u4e2d",
"submitTime": "2018-03-27",
"title": "CUPS\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
opensuse-su-2024:10707-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
cups-2.3.3op2-4.2 on GA media
Notes
Title of the patch
cups-2.3.3op2-4.2 on GA media
Description of the patch
These are all security issues fixed in the cups-2.3.3op2-4.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10707
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cups-2.3.3op2-4.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cups-2.3.3op2-4.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10707",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10707-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3193 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3624 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2005-3628 page",
"url": "https://www.suse.com/security/cve/CVE-2005-3628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-0104 page",
"url": "https://www.suse.com/security/cve/CVE-2007-0104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-3387 page",
"url": "https://www.suse.com/security/cve/CVE-2007-3387/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4351 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-4352 page",
"url": "https://www.suse.com/security/cve/CVE-2007-4352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2007-5393 page",
"url": "https://www.suse.com/security/cve/CVE-2007-5393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-0047 page",
"url": "https://www.suse.com/security/cve/CVE-2008-0047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1693 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1693/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-1722 page",
"url": "https://www.suse.com/security/cve/CVE-2008-1722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2008-3641 page",
"url": "https://www.suse.com/security/cve/CVE-2008-3641/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18248 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-4700 page",
"url": "https://www.suse.com/security/cve/CVE-2018-4700/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-2228 page",
"url": "https://www.suse.com/security/cve/CVE-2019-2228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8696 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8842 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10001 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10001/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-3898 page",
"url": "https://www.suse.com/security/cve/CVE-2020-3898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-25317 page",
"url": "https://www.suse.com/security/cve/CVE-2021-25317/"
}
],
"title": "cups-2.3.3op2-4.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10707-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cups-2.3.3op2-4.2.aarch64",
"product": {
"name": "cups-2.3.3op2-4.2.aarch64",
"product_id": "cups-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "cups-client-2.3.3op2-4.2.aarch64",
"product": {
"name": "cups-client-2.3.3op2-4.2.aarch64",
"product_id": "cups-client-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "cups-config-2.3.3op2-4.2.aarch64",
"product": {
"name": "cups-config-2.3.3op2-4.2.aarch64",
"product_id": "cups-config-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.3.3op2-4.2.aarch64",
"product": {
"name": "cups-ddk-2.3.3op2-4.2.aarch64",
"product_id": "cups-ddk-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "cups-devel-2.3.3op2-4.2.aarch64",
"product": {
"name": "cups-devel-2.3.3op2-4.2.aarch64",
"product_id": "cups-devel-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "cups-devel-32bit-2.3.3op2-4.2.aarch64",
"product": {
"name": "cups-devel-32bit-2.3.3op2-4.2.aarch64",
"product_id": "cups-devel-32bit-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "libcups2-2.3.3op2-4.2.aarch64",
"product": {
"name": "libcups2-2.3.3op2-4.2.aarch64",
"product_id": "libcups2-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "libcups2-32bit-2.3.3op2-4.2.aarch64",
"product": {
"name": "libcups2-32bit-2.3.3op2-4.2.aarch64",
"product_id": "libcups2-32bit-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.3.3op2-4.2.aarch64",
"product": {
"name": "libcupsimage2-2.3.3op2-4.2.aarch64",
"product_id": "libcupsimage2-2.3.3op2-4.2.aarch64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"product": {
"name": "libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"product_id": "libcupsimage2-32bit-2.3.3op2-4.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.3.3op2-4.2.ppc64le",
"product": {
"name": "cups-2.3.3op2-4.2.ppc64le",
"product_id": "cups-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-client-2.3.3op2-4.2.ppc64le",
"product": {
"name": "cups-client-2.3.3op2-4.2.ppc64le",
"product_id": "cups-client-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-config-2.3.3op2-4.2.ppc64le",
"product": {
"name": "cups-config-2.3.3op2-4.2.ppc64le",
"product_id": "cups-config-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.3.3op2-4.2.ppc64le",
"product": {
"name": "cups-ddk-2.3.3op2-4.2.ppc64le",
"product_id": "cups-ddk-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-devel-2.3.3op2-4.2.ppc64le",
"product": {
"name": "cups-devel-2.3.3op2-4.2.ppc64le",
"product_id": "cups-devel-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"product": {
"name": "cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"product_id": "cups-devel-32bit-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libcups2-2.3.3op2-4.2.ppc64le",
"product": {
"name": "libcups2-2.3.3op2-4.2.ppc64le",
"product_id": "libcups2-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libcups2-32bit-2.3.3op2-4.2.ppc64le",
"product": {
"name": "libcups2-32bit-2.3.3op2-4.2.ppc64le",
"product_id": "libcups2-32bit-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.3.3op2-4.2.ppc64le",
"product": {
"name": "libcupsimage2-2.3.3op2-4.2.ppc64le",
"product_id": "libcupsimage2-2.3.3op2-4.2.ppc64le"
}
},
{
"category": "product_version",
"name": "libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"product": {
"name": "libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"product_id": "libcupsimage2-32bit-2.3.3op2-4.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.3.3op2-4.2.s390x",
"product": {
"name": "cups-2.3.3op2-4.2.s390x",
"product_id": "cups-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "cups-client-2.3.3op2-4.2.s390x",
"product": {
"name": "cups-client-2.3.3op2-4.2.s390x",
"product_id": "cups-client-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "cups-config-2.3.3op2-4.2.s390x",
"product": {
"name": "cups-config-2.3.3op2-4.2.s390x",
"product_id": "cups-config-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.3.3op2-4.2.s390x",
"product": {
"name": "cups-ddk-2.3.3op2-4.2.s390x",
"product_id": "cups-ddk-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "cups-devel-2.3.3op2-4.2.s390x",
"product": {
"name": "cups-devel-2.3.3op2-4.2.s390x",
"product_id": "cups-devel-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "cups-devel-32bit-2.3.3op2-4.2.s390x",
"product": {
"name": "cups-devel-32bit-2.3.3op2-4.2.s390x",
"product_id": "cups-devel-32bit-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "libcups2-2.3.3op2-4.2.s390x",
"product": {
"name": "libcups2-2.3.3op2-4.2.s390x",
"product_id": "libcups2-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "libcups2-32bit-2.3.3op2-4.2.s390x",
"product": {
"name": "libcups2-32bit-2.3.3op2-4.2.s390x",
"product_id": "libcups2-32bit-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.3.3op2-4.2.s390x",
"product": {
"name": "libcupsimage2-2.3.3op2-4.2.s390x",
"product_id": "libcupsimage2-2.3.3op2-4.2.s390x"
}
},
{
"category": "product_version",
"name": "libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"product": {
"name": "libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"product_id": "libcupsimage2-32bit-2.3.3op2-4.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.3.3op2-4.2.x86_64",
"product": {
"name": "cups-2.3.3op2-4.2.x86_64",
"product_id": "cups-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "cups-client-2.3.3op2-4.2.x86_64",
"product": {
"name": "cups-client-2.3.3op2-4.2.x86_64",
"product_id": "cups-client-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "cups-config-2.3.3op2-4.2.x86_64",
"product": {
"name": "cups-config-2.3.3op2-4.2.x86_64",
"product_id": "cups-config-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.3.3op2-4.2.x86_64",
"product": {
"name": "cups-ddk-2.3.3op2-4.2.x86_64",
"product_id": "cups-ddk-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "cups-devel-2.3.3op2-4.2.x86_64",
"product": {
"name": "cups-devel-2.3.3op2-4.2.x86_64",
"product_id": "cups-devel-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "cups-devel-32bit-2.3.3op2-4.2.x86_64",
"product": {
"name": "cups-devel-32bit-2.3.3op2-4.2.x86_64",
"product_id": "cups-devel-32bit-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "libcups2-2.3.3op2-4.2.x86_64",
"product": {
"name": "libcups2-2.3.3op2-4.2.x86_64",
"product_id": "libcups2-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "libcups2-32bit-2.3.3op2-4.2.x86_64",
"product": {
"name": "libcups2-32bit-2.3.3op2-4.2.x86_64",
"product_id": "libcups2-32bit-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.3.3op2-4.2.x86_64",
"product": {
"name": "libcupsimage2-2.3.3op2-4.2.x86_64",
"product_id": "libcupsimage2-2.3.3op2-4.2.x86_64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-32bit-2.3.3op2-4.2.x86_64",
"product": {
"name": "libcupsimage2-32bit-2.3.3op2-4.2.x86_64",
"product_id": "libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64"
},
"product_reference": "cups-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le"
},
"product_reference": "cups-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x"
},
"product_reference": "cups-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64"
},
"product_reference": "cups-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64"
},
"product_reference": "cups-client-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le"
},
"product_reference": "cups-client-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x"
},
"product_reference": "cups-client-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64"
},
"product_reference": "cups-client-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64"
},
"product_reference": "cups-config-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le"
},
"product_reference": "cups-config-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x"
},
"product_reference": "cups-config-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64"
},
"product_reference": "cups-config-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64"
},
"product_reference": "cups-ddk-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le"
},
"product_reference": "cups-ddk-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x"
},
"product_reference": "cups-ddk-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64"
},
"product_reference": "cups-ddk-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64"
},
"product_reference": "cups-devel-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le"
},
"product_reference": "cups-devel-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x"
},
"product_reference": "cups-devel-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64"
},
"product_reference": "cups-devel-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-32bit-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64"
},
"product_reference": "cups-devel-32bit-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-32bit-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le"
},
"product_reference": "cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-32bit-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x"
},
"product_reference": "cups-devel-32bit-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-32bit-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64"
},
"product_reference": "cups-devel-32bit-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64"
},
"product_reference": "libcups2-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le"
},
"product_reference": "libcups2-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x"
},
"product_reference": "libcups2-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64"
},
"product_reference": "libcups2-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-32bit-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64"
},
"product_reference": "libcups2-32bit-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-32bit-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le"
},
"product_reference": "libcups2-32bit-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-32bit-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x"
},
"product_reference": "libcups2-32bit-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-32bit-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64"
},
"product_reference": "libcups2-32bit-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64"
},
"product_reference": "libcupsimage2-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le"
},
"product_reference": "libcupsimage2-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x"
},
"product_reference": "libcupsimage2-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64"
},
"product_reference": "libcupsimage2-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-32bit-2.3.3op2-4.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64"
},
"product_reference": "libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-32bit-2.3.3op2-4.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le"
},
"product_reference": "libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-32bit-2.3.3op2-4.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x"
},
"product_reference": "libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-32bit-2.3.3op2-4.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
},
"product_reference": "libcupsimage2-32bit-2.3.3op2-4.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-3193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3193"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3193",
"url": "https://www.suse.com/security/cve/CVE-2005-3193"
},
{
"category": "external",
"summary": "SUSE Bug 137156 for CVE-2005-3193",
"url": "https://bugzilla.suse.com/137156"
},
{
"category": "external",
"summary": "SUSE Bug 142106 for CVE-2005-3193",
"url": "https://bugzilla.suse.com/142106"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-3193"
},
{
"cve": "CVE-2005-3624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3624"
}
],
"notes": [
{
"category": "general",
"text": "The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3624",
"url": "https://www.suse.com/security/cve/CVE-2005-3624"
},
{
"category": "external",
"summary": "SUSE Bug 137156 for CVE-2005-3624",
"url": "https://bugzilla.suse.com/137156"
},
{
"category": "external",
"summary": "SUSE Bug 142106 for CVE-2005-3624",
"url": "https://bugzilla.suse.com/142106"
},
{
"category": "external",
"summary": "SUSE Bug 291690 for CVE-2005-3624",
"url": "https://bugzilla.suse.com/291690"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2005-3624"
},
{
"cve": "CVE-2005-3628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2005-3628"
}
],
"notes": [
{
"category": "general",
"text": "Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2005-3628",
"url": "https://www.suse.com/security/cve/CVE-2005-3628"
},
{
"category": "external",
"summary": "SUSE Bug 137156 for CVE-2005-3628",
"url": "https://bugzilla.suse.com/137156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2005-3628"
},
{
"cve": "CVE-2007-0104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-0104"
}
],
"notes": [
{
"category": "general",
"text": "The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-0104",
"url": "https://www.suse.com/security/cve/CVE-2007-0104"
},
{
"category": "external",
"summary": "SUSE Bug 233113 for CVE-2007-0104",
"url": "https://bugzilla.suse.com/233113"
},
{
"category": "external",
"summary": "SUSE Bug 234492 for CVE-2007-0104",
"url": "https://bugzilla.suse.com/234492"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-0104"
},
{
"cve": "CVE-2007-3387",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-3387"
}
],
"notes": [
{
"category": "general",
"text": "Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-3387",
"url": "https://www.suse.com/security/cve/CVE-2007-3387"
},
{
"category": "external",
"summary": "SUSE Bug 291690 for CVE-2007-3387",
"url": "https://bugzilla.suse.com/291690"
},
{
"category": "external",
"summary": "SUSE Bug 335637 for CVE-2007-3387",
"url": "https://bugzilla.suse.com/335637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2007-3387"
},
{
"cve": "CVE-2007-4351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4351"
}
],
"notes": [
{
"category": "general",
"text": "Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4351",
"url": "https://www.suse.com/security/cve/CVE-2007-4351"
},
{
"category": "external",
"summary": "SUSE Bug 335635 for CVE-2007-4351",
"url": "https://bugzilla.suse.com/335635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-4351"
},
{
"cve": "CVE-2007-4352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-4352"
}
],
"notes": [
{
"category": "general",
"text": "Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-4352",
"url": "https://www.suse.com/security/cve/CVE-2007-4352"
},
{
"category": "external",
"summary": "SUSE Bug 335637 for CVE-2007-4352",
"url": "https://bugzilla.suse.com/335637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2007-4352"
},
{
"cve": "CVE-2007-5393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2007-5393"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2007-5393",
"url": "https://www.suse.com/security/cve/CVE-2007-5393"
},
{
"category": "external",
"summary": "SUSE Bug 335637 for CVE-2007-5393",
"url": "https://bugzilla.suse.com/335637"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2007-5393"
},
{
"cve": "CVE-2008-0047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-0047"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-0047",
"url": "https://www.suse.com/security/cve/CVE-2008-0047"
},
{
"category": "external",
"summary": "SUSE Bug 367225 for CVE-2008-0047",
"url": "https://bugzilla.suse.com/367225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-0047"
},
{
"cve": "CVE-2008-1693",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1693"
}
],
"notes": [
{
"category": "general",
"text": "The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this font object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1693",
"url": "https://www.suse.com/security/cve/CVE-2008-1693"
},
{
"category": "external",
"summary": "SUSE Bug 377838 for CVE-2008-1693",
"url": "https://bugzilla.suse.com/377838"
},
{
"category": "external",
"summary": "SUSE Bug 377872 for CVE-2008-1693",
"url": "https://bugzilla.suse.com/377872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1693"
},
{
"cve": "CVE-2008-1722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-1722"
}
],
"notes": [
{
"category": "general",
"text": "Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-1722",
"url": "https://www.suse.com/security/cve/CVE-2008-1722"
},
{
"category": "external",
"summary": "SUSE Bug 378335 for CVE-2008-1722",
"url": "https://bugzilla.suse.com/378335"
},
{
"category": "external",
"summary": "SUSE Bug 448631 for CVE-2008-1722",
"url": "https://bugzilla.suse.com/448631"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2008-1722"
},
{
"cve": "CVE-2008-3641",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2008-3641"
}
],
"notes": [
{
"category": "general",
"text": "The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2008-3641",
"url": "https://www.suse.com/security/cve/CVE-2008-3641"
},
{
"category": "external",
"summary": "SUSE Bug 430543 for CVE-2008-3641",
"url": "https://bugzilla.suse.com/430543"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2008-3641"
},
{
"cve": "CVE-2017-18248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18248"
}
],
"notes": [
{
"category": "general",
"text": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18248",
"url": "https://www.suse.com/security/cve/CVE-2017-18248"
},
{
"category": "external",
"summary": "SUSE Bug 1087018 for CVE-2017-18248",
"url": "https://bugzilla.suse.com/1087018"
},
{
"category": "external",
"summary": "SUSE Bug 1087072 for CVE-2017-18248",
"url": "https://bugzilla.suse.com/1087072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-18248"
},
{
"cve": "CVE-2018-4700",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-4700"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-4300. Reason: This candidate is a duplicate of CVE-2018-4300. Notes: All CVE users should reference CVE-2018-4300 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-4700",
"url": "https://www.suse.com/security/cve/CVE-2018-4700"
},
{
"category": "external",
"summary": "SUSE Bug 1115750 for CVE-2018-4700",
"url": "https://bugzilla.suse.com/1115750"
},
{
"category": "external",
"summary": "SUSE Bug 1131480 for CVE-2018-4700",
"url": "https://bugzilla.suse.com/1131480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-4700"
},
{
"cve": "CVE-2019-2228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-2228"
}
],
"notes": [
{
"category": "general",
"text": "In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-2228",
"url": "https://www.suse.com/security/cve/CVE-2019-2228"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-2228"
},
{
"cve": "CVE-2019-8696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8696"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8696",
"url": "https://www.suse.com/security/cve/CVE-2019-8696"
},
{
"category": "external",
"summary": "SUSE Bug 1146358 for CVE-2019-8696",
"url": "https://bugzilla.suse.com/1146358"
},
{
"category": "external",
"summary": "SUSE Bug 1146359 for CVE-2019-8696",
"url": "https://bugzilla.suse.com/1146359"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-8696"
},
{
"cve": "CVE-2019-8842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8842"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8842",
"url": "https://www.suse.com/security/cve/CVE-2019-8842"
},
{
"category": "external",
"summary": "SUSE Bug 1170671 for CVE-2019-8842",
"url": "https://bugzilla.suse.com/1170671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-8842"
},
{
"cve": "CVE-2020-10001",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10001"
}
],
"notes": [
{
"category": "general",
"text": "An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10001",
"url": "https://www.suse.com/security/cve/CVE-2020-10001"
},
{
"category": "external",
"summary": "SUSE Bug 1170671 for CVE-2020-10001",
"url": "https://bugzilla.suse.com/1170671"
},
{
"category": "external",
"summary": "SUSE Bug 1180520 for CVE-2020-10001",
"url": "https://bugzilla.suse.com/1180520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10001"
},
{
"cve": "CVE-2020-3898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-3898"
}
],
"notes": [
{
"category": "general",
"text": "A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-3898",
"url": "https://www.suse.com/security/cve/CVE-2020-3898"
},
{
"category": "external",
"summary": "SUSE Bug 1168422 for CVE-2020-3898",
"url": "https://bugzilla.suse.com/1168422"
},
{
"category": "external",
"summary": "SUSE Bug 1170671 for CVE-2020-3898",
"url": "https://bugzilla.suse.com/1170671"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-3898"
},
{
"cve": "CVE-2021-25317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-25317"
}
],
"notes": [
{
"category": "general",
"text": "A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-25317",
"url": "https://www.suse.com/security/cve/CVE-2021-25317"
},
{
"category": "external",
"summary": "SUSE Bug 1184161 for CVE-2021-25317",
"url": "https://bugzilla.suse.com/1184161"
},
{
"category": "external",
"summary": "SUSE Bug 1192358 for CVE-2021-25317",
"url": "https://bugzilla.suse.com/1192358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-client-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-config-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-ddk-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:cups-devel-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcups2-32bit-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-2.3.3op2-4.2.x86_64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.aarch64",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.ppc64le",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.s390x",
"openSUSE Tumbleweed:libcupsimage2-32bit-2.3.3op2-4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-25317"
}
]
}
suse-su-2018:2162-1
Vulnerability from csaf_suse
Published
2018-08-01 12:02
Modified
2018-08-01 12:02
Summary
Security update for cups
Notes
Title of the patch
Security update for cups
Description of the patch
This update for cups fixes the following issues:
The following security vulnerabilities were fixed:
- CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that
was causing the DBUS library to abort the calling process. (bsc#1061066 bsc#1087018)
- Fixed a local privilege escalation to root and sandbox bypasses in the
scheduler
- CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend
(bsc#1096405)
- CVE-2018-4181: Limited local file reads as root via cupsd.conf include
directive (bsc#1096406)
- CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling
(bsc#1096407)
- CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration
(bsc#1096408)
The following other issue was fixed:
- Fixed authorization check for clients (like samba) connected through the
local socket when Kerberos authentication is enabled (bsc#1050082)
Patchnames
SUSE-SLE-DESKTOP-12-SP3-2018-1471,SUSE-SLE-SDK-12-SP3-2018-1471,SUSE-SLE-SERVER-12-SP3-2018-1471
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cups",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cups fixes the following issues:\n\nThe following security vulnerabilities were fixed:\n\n- CVE-2017-18248: Handle invalid characters properly in printing jobs. This fixes a problem that\n was causing the DBUS library to abort the calling process. (bsc#1061066 bsc#1087018)\n- Fixed a local privilege escalation to root and sandbox bypasses in the\n scheduler\n- CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend\n (bsc#1096405)\n- CVE-2018-4181: Limited local file reads as root via cupsd.conf include\n directive (bsc#1096406)\n- CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling\n (bsc#1096407)\n- CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration\n (bsc#1096408)\n\nThe following other issue was fixed:\n\n- Fixed authorization check for clients (like samba) connected through the\n local socket when Kerberos authentication is enabled (bsc#1050082)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP3-2018-1471,SUSE-SLE-SDK-12-SP3-2018-1471,SUSE-SLE-SERVER-12-SP3-2018-1471",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2162-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2162-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182162-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2162-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-August/004364.html"
},
{
"category": "self",
"summary": "SUSE Bug 1050082",
"url": "https://bugzilla.suse.com/1050082"
},
{
"category": "self",
"summary": "SUSE Bug 1061066",
"url": "https://bugzilla.suse.com/1061066"
},
{
"category": "self",
"summary": "SUSE Bug 1087018",
"url": "https://bugzilla.suse.com/1087018"
},
{
"category": "self",
"summary": "SUSE Bug 1096405",
"url": "https://bugzilla.suse.com/1096405"
},
{
"category": "self",
"summary": "SUSE Bug 1096406",
"url": "https://bugzilla.suse.com/1096406"
},
{
"category": "self",
"summary": "SUSE Bug 1096407",
"url": "https://bugzilla.suse.com/1096407"
},
{
"category": "self",
"summary": "SUSE Bug 1096408",
"url": "https://bugzilla.suse.com/1096408"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18248 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18248/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-4180 page",
"url": "https://www.suse.com/security/cve/CVE-2018-4180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-4181 page",
"url": "https://www.suse.com/security/cve/CVE-2018-4181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-4182 page",
"url": "https://www.suse.com/security/cve/CVE-2018-4182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-4183 page",
"url": "https://www.suse.com/security/cve/CVE-2018-4183/"
}
],
"title": "Security update for cups",
"tracking": {
"current_release_date": "2018-08-01T12:02:19Z",
"generator": {
"date": "2018-08-01T12:02:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2162-1",
"initial_release_date": "2018-08-01T12:02:19Z",
"revision_history": [
{
"date": "2018-08-01T12:02:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cups-ddk-1.7.5-20.14.1.aarch64",
"product": {
"name": "cups-ddk-1.7.5-20.14.1.aarch64",
"product_id": "cups-ddk-1.7.5-20.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-devel-1.7.5-20.14.1.aarch64",
"product": {
"name": "cups-devel-1.7.5-20.14.1.aarch64",
"product_id": "cups-devel-1.7.5-20.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-1.7.5-20.14.1.aarch64",
"product": {
"name": "cups-1.7.5-20.14.1.aarch64",
"product_id": "cups-1.7.5-20.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-client-1.7.5-20.14.1.aarch64",
"product": {
"name": "cups-client-1.7.5-20.14.1.aarch64",
"product_id": "cups-client-1.7.5-20.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-libs-1.7.5-20.14.1.aarch64",
"product": {
"name": "cups-libs-1.7.5-20.14.1.aarch64",
"product_id": "cups-libs-1.7.5-20.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-ddk-1.7.5-20.14.1.ppc64le",
"product": {
"name": "cups-ddk-1.7.5-20.14.1.ppc64le",
"product_id": "cups-ddk-1.7.5-20.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-devel-1.7.5-20.14.1.ppc64le",
"product": {
"name": "cups-devel-1.7.5-20.14.1.ppc64le",
"product_id": "cups-devel-1.7.5-20.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-1.7.5-20.14.1.ppc64le",
"product": {
"name": "cups-1.7.5-20.14.1.ppc64le",
"product_id": "cups-1.7.5-20.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-client-1.7.5-20.14.1.ppc64le",
"product": {
"name": "cups-client-1.7.5-20.14.1.ppc64le",
"product_id": "cups-client-1.7.5-20.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-libs-1.7.5-20.14.1.ppc64le",
"product": {
"name": "cups-libs-1.7.5-20.14.1.ppc64le",
"product_id": "cups-libs-1.7.5-20.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-ddk-1.7.5-20.14.1.s390x",
"product": {
"name": "cups-ddk-1.7.5-20.14.1.s390x",
"product_id": "cups-ddk-1.7.5-20.14.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-devel-1.7.5-20.14.1.s390x",
"product": {
"name": "cups-devel-1.7.5-20.14.1.s390x",
"product_id": "cups-devel-1.7.5-20.14.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-1.7.5-20.14.1.s390x",
"product": {
"name": "cups-1.7.5-20.14.1.s390x",
"product_id": "cups-1.7.5-20.14.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-client-1.7.5-20.14.1.s390x",
"product": {
"name": "cups-client-1.7.5-20.14.1.s390x",
"product_id": "cups-client-1.7.5-20.14.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-libs-1.7.5-20.14.1.s390x",
"product": {
"name": "cups-libs-1.7.5-20.14.1.s390x",
"product_id": "cups-libs-1.7.5-20.14.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-libs-32bit-1.7.5-20.14.1.s390x",
"product": {
"name": "cups-libs-32bit-1.7.5-20.14.1.s390x",
"product_id": "cups-libs-32bit-1.7.5-20.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-1.7.5-20.14.1.x86_64",
"product": {
"name": "cups-1.7.5-20.14.1.x86_64",
"product_id": "cups-1.7.5-20.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-client-1.7.5-20.14.1.x86_64",
"product": {
"name": "cups-client-1.7.5-20.14.1.x86_64",
"product_id": "cups-client-1.7.5-20.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-libs-1.7.5-20.14.1.x86_64",
"product": {
"name": "cups-libs-1.7.5-20.14.1.x86_64",
"product_id": "cups-libs-1.7.5-20.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-libs-32bit-1.7.5-20.14.1.x86_64",
"product": {
"name": "cups-libs-32bit-1.7.5-20.14.1.x86_64",
"product_id": "cups-libs-32bit-1.7.5-20.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-ddk-1.7.5-20.14.1.x86_64",
"product": {
"name": "cups-ddk-1.7.5-20.14.1.x86_64",
"product_id": "cups-ddk-1.7.5-20.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-devel-1.7.5-20.14.1.x86_64",
"product": {
"name": "cups-devel-1.7.5-20.14.1.x86_64",
"product_id": "cups-devel-1.7.5-20.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-client-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-libs-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-32bit-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-libs-32bit-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-1.7.5-20.14.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64"
},
"product_reference": "cups-ddk-1.7.5-20.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-1.7.5-20.14.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le"
},
"product_reference": "cups-ddk-1.7.5-20.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-ddk-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-ddk-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-1.7.5-20.14.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64"
},
"product_reference": "cups-devel-1.7.5-20.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-1.7.5-20.14.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le"
},
"product_reference": "cups-devel-1.7.5-20.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-devel-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-devel-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64"
},
"product_reference": "cups-1.7.5-20.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le"
},
"product_reference": "cups-1.7.5-20.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64"
},
"product_reference": "cups-client-1.7.5-20.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le"
},
"product_reference": "cups-client-1.7.5-20.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-client-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-client-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64"
},
"product_reference": "cups-libs-1.7.5-20.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le"
},
"product_reference": "cups-libs-1.7.5-20.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-libs-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-libs-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-32bit-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-libs-32bit-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-32bit-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-libs-32bit-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64"
},
"product_reference": "cups-1.7.5-20.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le"
},
"product_reference": "cups-1.7.5-20.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64"
},
"product_reference": "cups-client-1.7.5-20.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le"
},
"product_reference": "cups-client-1.7.5-20.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-client-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-client-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64"
},
"product_reference": "cups-libs-1.7.5-20.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le"
},
"product_reference": "cups-libs-1.7.5-20.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-libs-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-libs-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-32bit-1.7.5-20.14.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x"
},
"product_reference": "cups-libs-32bit-1.7.5-20.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-libs-32bit-1.7.5-20.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64"
},
"product_reference": "cups-libs-32bit-1.7.5-20.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-18248",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18248"
}
],
"notes": [
{
"category": "general",
"text": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18248",
"url": "https://www.suse.com/security/cve/CVE-2017-18248"
},
{
"category": "external",
"summary": "SUSE Bug 1087018 for CVE-2017-18248",
"url": "https://bugzilla.suse.com/1087018"
},
{
"category": "external",
"summary": "SUSE Bug 1087072 for CVE-2017-18248",
"url": "https://bugzilla.suse.com/1087072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-01T12:02:19Z",
"details": "moderate"
}
],
"title": "CVE-2017-18248"
},
{
"cve": "CVE-2018-4180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-4180"
}
],
"notes": [
{
"category": "general",
"text": "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-4180",
"url": "https://www.suse.com/security/cve/CVE-2018-4180"
},
{
"category": "external",
"summary": "SUSE Bug 1096405 for CVE-2018-4180",
"url": "https://bugzilla.suse.com/1096405"
},
{
"category": "external",
"summary": "SUSE Bug 1096408 for CVE-2018-4180",
"url": "https://bugzilla.suse.com/1096408"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-01T12:02:19Z",
"details": "important"
}
],
"title": "CVE-2018-4180"
},
{
"cve": "CVE-2018-4181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-4181"
}
],
"notes": [
{
"category": "general",
"text": "In macOS High Sierra before 10.13.5, an issue existed in CUPS. This issue was addressed with improved access restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-4181",
"url": "https://www.suse.com/security/cve/CVE-2018-4181"
},
{
"category": "external",
"summary": "SUSE Bug 1096406 for CVE-2018-4181",
"url": "https://bugzilla.suse.com/1096406"
},
{
"category": "external",
"summary": "SUSE Bug 1096408 for CVE-2018-4181",
"url": "https://bugzilla.suse.com/1096408"
},
{
"category": "external",
"summary": "SUSE Bug 1105281 for CVE-2018-4181",
"url": "https://bugzilla.suse.com/1105281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-01T12:02:19Z",
"details": "moderate"
}
],
"title": "CVE-2018-4181"
},
{
"cve": "CVE-2018-4182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-4182"
}
],
"notes": [
{
"category": "general",
"text": "In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-4182",
"url": "https://www.suse.com/security/cve/CVE-2018-4182"
},
{
"category": "external",
"summary": "SUSE Bug 1096407 for CVE-2018-4182",
"url": "https://bugzilla.suse.com/1096407"
},
{
"category": "external",
"summary": "SUSE Bug 1096408 for CVE-2018-4182",
"url": "https://bugzilla.suse.com/1096408"
},
{
"category": "external",
"summary": "SUSE Bug 1105281 for CVE-2018-4182",
"url": "https://bugzilla.suse.com/1105281"
},
{
"category": "external",
"summary": "SUSE Bug 1217278 for CVE-2018-4182",
"url": "https://bugzilla.suse.com/1217278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-01T12:02:19Z",
"details": "moderate"
}
],
"title": "CVE-2018-4182"
},
{
"cve": "CVE-2018-4183",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-4183"
}
],
"notes": [
{
"category": "general",
"text": "In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-4183",
"url": "https://www.suse.com/security/cve/CVE-2018-4183"
},
{
"category": "external",
"summary": "SUSE Bug 1096407 for CVE-2018-4183",
"url": "https://bugzilla.suse.com/1096407"
},
{
"category": "external",
"summary": "SUSE Bug 1096408 for CVE-2018-4183",
"url": "https://bugzilla.suse.com/1096408"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-client-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:cups-libs-32bit-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-ddk-1.7.5-20.14.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:cups-devel-1.7.5-20.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-08-01T12:02:19Z",
"details": "moderate"
}
],
"title": "CVE-2018-4183"
}
]
}
ghsa-445m-qfhv-mv64
Vulnerability from github
Published
2022-05-14 03:14
Modified
2022-05-14 03:14
Severity ?
VLAI Severity ?
Details
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
{
"affected": [],
"aliases": [
"CVE-2017-18248"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-26T17:29:00Z",
"severity": "MODERATE"
},
"details": "The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.",
"id": "GHSA-445m-qfhv-mv64",
"modified": "2022-05-14T03:14:39Z",
"published": "2022-05-14T03:14:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18248"
},
{
"type": "WEB",
"url": "https://github.com/apple/cups/issues/5143"
},
{
"type": "WEB",
"url": "https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3"
},
{
"type": "WEB",
"url": "https://github.com/apple/cups/releases/tag/v2.2.6"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html"
},
{
"type": "WEB",
"url": "https://security.cucumberlinux.com/security/details.php?id=346"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3713-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…