OPENSUSE-SU-2026:20172-1
Vulnerability from csaf_opensuse - Published: 2026-02-04 11:37 - Updated: 2026-02-04 11:37Summary
Security update for cups
Notes
Title of the patch
Security update for cups
Description of the patch
This update for cups fixes the following issues:
Update to version 2.4.16.
Security issues fixed:
- CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783).
- CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128).
- CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049).
Other updates and bugfixes:
- Version upgrade to 2.4.16:
* 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences,
potentially reading past the end of the source string
(Issue #1438)
* The web interface did not support domain usernames fully
(Issue #1441)
* Fixed an infinite loop issue in the GTK+ print dialog
(Issue #1439 boo#1254353)
* Fixed stopping scheduler on unknown directive in
configuration (Issue #1443)
* Fixed packages for Immutable Mode (jsc#PED-14775
from epic jsc#PED-14688)
- Version upgrade to 2.4.15:
* Fixed potential crash in 'cups-driverd' when there are
duplicate PPDs (Issue #1355)
* Fixed error recovery when scanning for PPDs
in 'cups-driverd' (Issue #1416)
- Version upgrade to 2.4.14.
- Version upgrade to 2.4.13:
* Added 'print-as-raster' printer and job attributes
for forcing rasterization (Issue #1282)
* Updated documentation (Issue #1086)
* Updated IPP backend to try a sanitized user name if the
printer/server does not like the value (Issue #1145)
* Updated the scheduler to send the "printer-added"
or "printer-modified" events whenever an IPP Everywhere PPD
is installed (Issue #1244)
* Updated the scheduler to send the "printer-modified" event
whenever the system default printer is changed (Issue #1246)
* Fixed a memory leak in 'httpClose' (Issue #1223)
* Fixed missing commas in 'ippCreateRequestedArray'
(Issue #1234)
* Fixed subscription issues in the scheduler and D-Bus notifier
(Issue #1235)
* Fixed media-default reporting for custom sizes (Issue #1238)
* Fixed support for IPP/PPD options with periods or underscores
(Issue #1249)
* Fixed parsing of real numbers in PPD compiler source files
(Issue #1263)
* Fixed scheduler freezing with zombie clients (Issue #1264)
* Fixed support for the server name in the ErrorLog filename
(Issue #1277)
* Fixed job cleanup after daemon restart (Issue #1315)
* Fixed handling of buggy DYMO USB printer serial numbers
(Issue #1338)
* Fixed unreachable block in IPP backend (Issue #1351)
* Fixed memory leak in _cupsConvertOptions (Issue #1354)
- Version upgrade to 2.4.12:
* GnuTLS follows system crypto policies now (Issue #1105)
* Added `NoSystem` SSLOptions value (Issue #1130)
* Now we raise alert for certificate issues (Issue #1194)
* Added Kyocera USB quirk (Issue #1198)
* The scheduler now logs a job's debugging history
if the backend fails (Issue #1205)
* Fixed a potential timing issue with `cupsEnumDests`
(Issue #1084)
* Fixed a potential "lost PPD" condition in the scheduler
(Issue #1109)
* Fixed a compressed file error handling bug (Issue #1070)
* Fixed a bug in the make-and-model whitespace trimming
code (Issue #1096)
* Fixed a removal of IPP Everywhere permanent queue
if installation failed (Issue #1102)
* Fixed `ServerToken None` in scheduler (Issue #1111)
* Fixed invalid IPP keyword values created from PPD
option names (Issue #1118)
* Fixed handling of "media" and "PageSize" in the same
print request (Issue #1125)
* Fixed client raster printing from macOS (Issue #1143)
* Fixed the default User-Agent string.
* Fixed a recursion issue in `ippReadIO`.
* Fixed handling incorrect radix in `scan_ps()` (Issue #1188)
* Fixed validation of dateTime values with time zones
more than UTC+11 (Issue #1201)
* Fixed attributes returned by the Create-Xxx-Subscriptions
requests (Issue #1204)
* Fixed `ippDateToTime` when using a non GMT/UTC timezone
(Issue #1208)
* Fixed `job-completed` event notifications for jobs that are
cancelled before started (Issue #1209)
* Fixed DNS-SD discovery with `ippfind` (Issue #1211)
Patchnames
openSUSE-Leap-16.0-242
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cups",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cups fixes the following issues:\n\nUpdate to version 2.4.16.\n\nSecurity issues fixed:\n\n- CVE-2025-61915: local denial-of-service via cupsd.conf update and related issues (bsc#1253783).\n- CVE-2025-58436: slow client communication leads to a possible DoS attack (bsc#1244057).\n- CVE-2025-58364: unsafe deserialization and validation of printer attributes can cause a null dereference (bsc#1249128).\n- CVE-2025-58060: authentication bypass with AuthType Negotiate (bsc#1249049).\n\nOther updates and bugfixes:\n\n- Version upgrade to 2.4.16:\n\n * \u0027cupsUTF8ToCharset\u0027 didn\u0027t validate 2-byte UTF-8 sequences,\n potentially reading past the end of the source string\n (Issue #1438)\n * The web interface did not support domain usernames fully\n (Issue #1441)\n * Fixed an infinite loop issue in the GTK+ print dialog\n (Issue #1439 boo#1254353)\n * Fixed stopping scheduler on unknown directive in\n configuration (Issue #1443)\n * Fixed packages for Immutable Mode (jsc#PED-14775\n from epic jsc#PED-14688)\n\n- Version upgrade to 2.4.15:\n\n * Fixed potential crash in \u0027cups-driverd\u0027 when there are\n duplicate PPDs (Issue #1355)\n * Fixed error recovery when scanning for PPDs\n in \u0027cups-driverd\u0027 (Issue #1416)\n\n- Version upgrade to 2.4.14.\n\n- Version upgrade to 2.4.13:\n\n * Added \u0027print-as-raster\u0027 printer and job attributes\n for forcing rasterization (Issue #1282)\n * Updated documentation (Issue #1086)\n * Updated IPP backend to try a sanitized user name if the\n printer/server does not like the value (Issue #1145)\n * Updated the scheduler to send the \"printer-added\"\n or \"printer-modified\" events whenever an IPP Everywhere PPD\n is installed (Issue #1244)\n * Updated the scheduler to send the \"printer-modified\" event\n whenever the system default printer is changed (Issue #1246)\n * Fixed a memory leak in \u0027httpClose\u0027 (Issue #1223)\n * Fixed missing commas in \u0027ippCreateRequestedArray\u0027\n (Issue #1234)\n * Fixed subscription issues in the scheduler and D-Bus notifier\n (Issue #1235)\n * Fixed media-default reporting for custom sizes (Issue #1238)\n * Fixed support for IPP/PPD options with periods or underscores\n (Issue #1249)\n * Fixed parsing of real numbers in PPD compiler source files\n (Issue #1263)\n * Fixed scheduler freezing with zombie clients (Issue #1264)\n * Fixed support for the server name in the ErrorLog filename\n (Issue #1277)\n * Fixed job cleanup after daemon restart (Issue #1315)\n * Fixed handling of buggy DYMO USB printer serial numbers\n (Issue #1338)\n * Fixed unreachable block in IPP backend (Issue #1351)\n * Fixed memory leak in _cupsConvertOptions (Issue #1354)\n\n- Version upgrade to 2.4.12:\n\n * GnuTLS follows system crypto policies now (Issue #1105)\n * Added `NoSystem` SSLOptions value (Issue #1130)\n * Now we raise alert for certificate issues (Issue #1194)\n * Added Kyocera USB quirk (Issue #1198)\n * The scheduler now logs a job\u0027s debugging history\n if the backend fails (Issue #1205)\n * Fixed a potential timing issue with `cupsEnumDests`\n (Issue #1084)\n * Fixed a potential \"lost PPD\" condition in the scheduler\n (Issue #1109)\n * Fixed a compressed file error handling bug (Issue #1070)\n * Fixed a bug in the make-and-model whitespace trimming\n code (Issue #1096)\n * Fixed a removal of IPP Everywhere permanent queue\n if installation failed (Issue #1102)\n * Fixed `ServerToken None` in scheduler (Issue #1111)\n * Fixed invalid IPP keyword values created from PPD\n option names (Issue #1118)\n * Fixed handling of \"media\" and \"PageSize\" in the same\n print request (Issue #1125)\n * Fixed client raster printing from macOS (Issue #1143)\n * Fixed the default User-Agent string.\n * Fixed a recursion issue in `ippReadIO`.\n * Fixed handling incorrect radix in `scan_ps()` (Issue #1188)\n * Fixed validation of dateTime values with time zones\n more than UTC+11 (Issue #1201)\n * Fixed attributes returned by the Create-Xxx-Subscriptions\n requests (Issue #1204)\n * Fixed `ippDateToTime` when using a non GMT/UTC timezone\n (Issue #1208)\n * Fixed `job-completed` event notifications for jobs that are\n cancelled before started (Issue #1209)\n * Fixed DNS-SD discovery with `ippfind` (Issue #1211)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-242",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20172-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1244057",
"url": "https://bugzilla.suse.com/1244057"
},
{
"category": "self",
"summary": "SUSE Bug 1249049",
"url": "https://bugzilla.suse.com/1249049"
},
{
"category": "self",
"summary": "SUSE Bug 1249128",
"url": "https://bugzilla.suse.com/1249128"
},
{
"category": "self",
"summary": "SUSE Bug 1253783",
"url": "https://bugzilla.suse.com/1253783"
},
{
"category": "self",
"summary": "SUSE Bug 1254353",
"url": "https://bugzilla.suse.com/1254353"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58060 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58436 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61915 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61915/"
}
],
"title": "Security update for cups",
"tracking": {
"current_release_date": "2026-02-04T11:37:13Z",
"generator": {
"date": "2026-02-04T11:37:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20172-1",
"initial_release_date": "2026-02-04T11:37:13Z",
"revision_history": [
{
"date": "2026-02-04T11:37:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-2.4.16-160000.1.1.aarch64",
"product_id": "cups-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-client-2.4.16-160000.1.1.aarch64",
"product_id": "cups-client-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-config-2.4.16-160000.1.1.aarch64",
"product_id": "cups-config-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-ddk-2.4.16-160000.1.1.aarch64",
"product_id": "cups-ddk-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-160000.1.1.aarch64",
"product": {
"name": "cups-devel-2.4.16-160000.1.1.aarch64",
"product_id": "cups-devel-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-160000.1.1.aarch64",
"product": {
"name": "libcups2-2.4.16-160000.1.1.aarch64",
"product_id": "libcups2-2.4.16-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-160000.1.1.aarch64",
"product": {
"name": "libcupsimage2-2.4.16-160000.1.1.aarch64",
"product_id": "libcupsimage2-2.4.16-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-client-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-client-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-config-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-config-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-ddk-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-ddk-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "cups-devel-2.4.16-160000.1.1.ppc64le",
"product_id": "cups-devel-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "libcups2-2.4.16-160000.1.1.ppc64le",
"product_id": "libcups2-2.4.16-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-160000.1.1.ppc64le",
"product": {
"name": "libcupsimage2-2.4.16-160000.1.1.ppc64le",
"product_id": "libcupsimage2-2.4.16-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-2.4.16-160000.1.1.s390x",
"product_id": "cups-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-client-2.4.16-160000.1.1.s390x",
"product_id": "cups-client-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-config-2.4.16-160000.1.1.s390x",
"product_id": "cups-config-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-ddk-2.4.16-160000.1.1.s390x",
"product_id": "cups-ddk-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-160000.1.1.s390x",
"product": {
"name": "cups-devel-2.4.16-160000.1.1.s390x",
"product_id": "cups-devel-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-160000.1.1.s390x",
"product": {
"name": "libcups2-2.4.16-160000.1.1.s390x",
"product_id": "libcups2-2.4.16-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-160000.1.1.s390x",
"product": {
"name": "libcupsimage2-2.4.16-160000.1.1.s390x",
"product_id": "libcupsimage2-2.4.16-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cups-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-2.4.16-160000.1.1.x86_64",
"product_id": "cups-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-client-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-client-2.4.16-160000.1.1.x86_64",
"product_id": "cups-client-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-config-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-config-2.4.16-160000.1.1.x86_64",
"product_id": "cups-config-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-ddk-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-ddk-2.4.16-160000.1.1.x86_64",
"product_id": "cups-ddk-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "cups-devel-2.4.16-160000.1.1.x86_64",
"product": {
"name": "cups-devel-2.4.16-160000.1.1.x86_64",
"product_id": "cups-devel-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcups2-2.4.16-160000.1.1.x86_64",
"product": {
"name": "libcups2-2.4.16-160000.1.1.x86_64",
"product_id": "libcups2-2.4.16-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcupsimage2-2.4.16-160000.1.1.x86_64",
"product": {
"name": "libcupsimage2-2.4.16-160000.1.1.x86_64",
"product_id": "libcupsimage2-2.4.16-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-client-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-client-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-client-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-client-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-client-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-config-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-config-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-config-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-config-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-config-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-ddk-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-ddk-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-ddk-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-ddk-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-ddk-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64"
},
"product_reference": "cups-devel-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "cups-devel-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x"
},
"product_reference": "cups-devel-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cups-devel-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64"
},
"product_reference": "cups-devel-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64"
},
"product_reference": "libcups2-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "libcups2-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x"
},
"product_reference": "libcups2-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcups2-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64"
},
"product_reference": "libcups2-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64"
},
"product_reference": "libcupsimage2-2.4.16-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le"
},
"product_reference": "libcupsimage2-2.4.16-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x"
},
"product_reference": "libcupsimage2-2.4.16-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcupsimage2-2.4.16-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
},
"product_reference": "libcupsimage2-2.4.16-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58060"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58060",
"url": "https://www.suse.com/security/cve/CVE-2025-58060"
},
{
"category": "external",
"summary": "SUSE Bug 1249049 for CVE-2025-58060",
"url": "https://bugzilla.suse.com/1249049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-04T11:37:13Z",
"details": "important"
}
],
"title": "CVE-2025-58060"
},
{
"cve": "CVE-2025-58364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58364"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups \u0026 cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector \"Network\" is possible. The current versions of CUPS and cups-browsed projects have the attack vector \"Adjacent\" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58364",
"url": "https://www.suse.com/security/cve/CVE-2025-58364"
},
{
"category": "external",
"summary": "SUSE Bug 1249128 for CVE-2025-58364",
"url": "https://bugzilla.suse.com/1249128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-04T11:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-58364"
},
{
"cve": "CVE-2025-58436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58436"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58436",
"url": "https://www.suse.com/security/cve/CVE-2025-58436"
},
{
"category": "external",
"summary": "SUSE Bug 1244057 for CVE-2025-58436",
"url": "https://bugzilla.suse.com/1244057"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-04T11:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-58436"
},
{
"cve": "CVE-2025-61915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61915"
}
],
"notes": [
{
"category": "general",
"text": "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61915",
"url": "https://www.suse.com/security/cve/CVE-2025-61915"
},
{
"category": "external",
"summary": "SUSE Bug 1253783 for CVE-2025-61915",
"url": "https://bugzilla.suse.com/1253783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-client-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-config-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-ddk-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:cups-devel-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcups2-2.4.16-160000.1.1.x86_64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.aarch64",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.ppc64le",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.s390x",
"openSUSE Leap 16.0:libcupsimage2-2.4.16-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-04T11:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2025-61915"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…