Wind River Support Network

HomeDefectsLIN10-4524
Fixed

LIN10-4524 : Security Advisory - cups - CVE-2018-4182

Created: Aug 15, 2018    Updated: Jan 21, 2019
Resolved Date: Aug 24, 2018
Found In Version: 10.17.41.1
Fix Version: 10.17.41.11
Severity: Standard
Applicable for: Wind River Linux LTS 17
Component/s: Userspace

Description

It is possible to cause cups-exec to execute backends without a sandbox profile by causing cupsdCreateProfile() to fail.  An attacker that has obtained sandboxed root access can accomplish this by setting the CUPS temporary directory to immutable using chflags, which will prevent the profile from being written to disk.

https://nvd.nist.gov/vuln/detail/CVE-2018-4182 

Other Downloads


CVEs


Live chat
Online