[ubuntu/questing-updates] cups 2.4.12-0ubuntu3.9 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Jun 8 17:03:23 UTC 2026
cups (2.4.12-0ubuntu3.9) questing-security; urgency=medium

  * SECURITY UPDATE: authorization bypass vulnerability
    - debian/patches/CVE-2026-27447-1.patch: The scheduler treated local user
      and group names as case-insensitive in scheduler/auth.c.
    - debian/patches/CVE-2026-27447-2.patch: Fix cupsd crash if user does not
      exist on server in scheduler/auth.c.
    - debian/patches/CVE-2026-27447-3.patch: Fix unauthenticated print policies
      (Issue #1557) in scheduler/auth.c.
    - CVE-2026-27447
  * SECURITY UPDATE: RSS notifier path traversal issue
    - debian/patches/CVE-2026-34978.patch: Fix RSS notifier in notifier/rss.c,
      scheduler/ipp.c.
    - CVE-2026-34978
  * SECURITY UPDATE: heap overflow in building filter option strings
    - debian/patches/CVE-2026-34979-1.patch: Expand allocation of options
      string in scheduler/job.c.
    - debian/patches/CVE-2026-34979-2.patch: Fix get_options regression (Issue
      #1532) in scheduler/job.c, test/5.5-lp.sh.
    - CVE-2026-34979
  * SECURITY UPDATE: embedded newline issue in print jobs
    - debian/patches/CVE-2026-34980-1.patch: Filter out control characters from
      option values in scheduler/job.c.
    - debian/patches/CVE-2026-34980-2.patch: Fix filter PPD keyword processing
      (Issue #1562) in scheduler/job.c.
    - CVE-2026-34980
  * SECURITY UPDATE: incorrectly accepts local certificates over the
    loopback interface
    - debian/patches/CVE-2026-34990-1.patch: Don't allow local certificates over
      the loopback interface, drop support for writing to plain files in
      cups/auth.c, scheduler/auth.c, scheduler/client.c, scheduler/ipp.c,
      scheduler/job.c, test/4.2-cups-printer-ops.test, test/5.1-lpadmin.sh.
    - debian/patches/CVE-2026-34990-2.patch: Fix builds against GSSAPI
      (Kerberos) in cups/auth.c.
    - CVE-2026-34990
  * SECURITY UPDATE: integer underflow in _ppdCreateFromIPP()
    - debian/patches/CVE-2026-39314.patch: Range check job-password-supported
      in cups/ppd-cache.c.
    - CVE-2026-39314
  * SECURITY UPDATE: use-after-free when temp printers are deleted
    - debian/patches/CVE-2026-39316.patch: Expire per-printer subscriptions
      before deleting in scheduler/printers.c.
    - CVE-2026-39316
  * SECURITY UPDATE: OOB read via SNMP response
    - debian/patches/CVE-2026-41079.patch: Limit num_bytes for SNMP string
      values in cups/snmp-private.h, cups/snmp.c.
    - CVE-2026-41079
  * Miscellaneous additional fixes:
    - debian/patches/misc-fix-1.patch: Improve page header validation in
      cupsRasterReadHeader in cups/raster-error.c, cups/raster-stream.c.
    - debian/patches/misc-fix-2.patch: Protect against a driver reporting a
      supply type with a trailing '-' in scheduler/printers.c.
    - debian/patches/misc-fix-3.patch: Range check cupsBytesPerLine in
      rastertoepson in filter/rastertoepson.c.
    - debian/patches/misc-fix-4.patch: Sanity check HWResolution when writing
      Apple Raster in cups/raster-stream.c.
    - debian/patches/misc-fix-5.patch: Protect against deep collection values
      (Issue #1539) in cups/cups-private.h, cups/dest-options.c, cups/encode.c.
    - debian/patches/misc-fix-6.patch: Update processing of LimitRequestBody,
      MaxLogSize, and MaxRequestSize to support full range of file sizes in
      scheduler/conf.c, scheduler/conf.h.
    - debian/patches/misc-fix-6-2.patch: Fix builds on systems that don't define
      OFF_MAX in scheduler/conf.c.
    - debian/patches/misc-fix-7.patch: Fix blank line detection in rastertolabel
      in filter/rastertolabel.c.
    - debian/patches/misc-fix-8.patch: Add buffer size check from CUPS 2.5.x to
      _ippFileReadToken (Issue #1542) in cups/ipp-file.c.
    - debian/patches/misc-fix-9.patch: Fix regression in
      cupsRasterRead/WriteHeader in cups/raster-stream.c.
  * debian/tests/utils/test-drivers: disable most tests since the security
    update no longer accepts writing to files. Needs to be adapted. Taken
    from 2.4.18-1.
Date: 2026-06-07 16:19:25.597260+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu3.9