Wind River Support Network

HomeDefectsLIN9-7315
Fixed

LIN9-7315 : Security Advisory - cups - CVE-2018-4182

Created: Aug 15, 2018    Updated: Jan 21, 2019
Resolved Date: Aug 23, 2018
Found In Version: 9.0.0.17
Fix Version: 9.0.0.18
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

It is possible to cause cups-exec to execute backends without a sandbox profile by causing cupsdCreateProfile() to fail.  An attacker that has obtained sandboxed root access can accomplish this by setting the CUPS temporary directory to immutable using chflags, which will prevent the profile from being written to disk.

https://nvd.nist.gov/vuln/detail/CVE-2018-4182

Other Downloads

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube