==========================================================================
Ubuntu Security Notice USN-4105-1
August 20, 2019

cups vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 19.04
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in CUPS.

Software Description:
– cups: Common UNIX Printing System(tm)

Details:

Stephan Zeisberg discovered that the CUPS SNMP backend incorrectly handled
encoded ASN.1 inputs. A remote attacker could possibly use this issue to
cause CUPS to crash by providing specially crafted network
traffic. (CVE-2019-8696, CVE-2019-8675)

It was discovered that CUPS did not properly handle client disconnection
events. A local attacker could possibly use this issue to cause a denial of
service or disclose memory from the CUPS server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
cups 2.2.10-4ubuntu2.1

Ubuntu 18.04 LTS:
cups 2.2.7-1ubuntu2.7

Ubuntu 16.04 LTS:
cups 2.1.3-4ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4105-1
CVE-2019-8675, CVE-2019-8696

Package Information:
https://launchpad.net/ubuntu/+source/cups/2.2.10-4ubuntu2.1
https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.7
https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.10
—–BEGIN PGP SIGNATURE—–

iQEzBAEBCgAdFiEEiOlTC8vdwgBRe16w9JjS2d59rZwFAl1bgsYACgkQ9JjS2d59
rZwddwf9GX+NT4O6VIfh1Vk5YeMnt0BvW2a64zzOT/DWZXavYK6S/ReHbDzza93r
KgApT6hN03Viqw9xfMY5Iib1HFxx/nco3x7iIqh1TqRgM6vZITma8IUudsF88FJQ
7lLnwD9u/6wnqCS533kALK0h+PCob2CE0K3oDRA0VYBGU33/5vi2cFawnefzHJRm
jDN71KUTPrZU2BKt7ymXql0ynDMfwJaYkksdXfbV9iyNzZ0iiuQqh4C0MXO3MBa7
ChV+RyxlbuSIEL2yuWEe8Yf0qBwut3yRFmVixlSqT1zBJNp21ADEhmPp5cFjN11H
+31aPe8O+UDfzyUv5XoibhtJ+7zZSg==
=hyr4
—–END PGP SIGNATURE——-