Wind River Support Network

HomeDefectsLIN10-4544

Fixed

LIN10-4544 : Security Advisory - cups - CVE-2018-4180

Created: Aug 15, 2018 Updated: Feb 2, 2019

Resolved Date: Aug 24, 2018

Found In Version: 10.17.41.1

Fix Version: 10.17.41.11

Severity: Standard

Applicable for: Wind River Linux LTS 17

Component/s: Userspace

Description

Affected versions of CUPS allow for the SetEnv and PassEnv directives to be specified in the cupsd.conf file, which is editable by non-root users using the cupsctl binary.  This allows attacker-controlled environment variables to be passed to CUPS backends, some of which are run as root.  By passing malicious values in environment variables to affected backends, it is possible to execute an attacker-supplied binary as root, subject to sandbox restrictions.

https://nvd.nist.gov/vuln/detail/CVE-2018-4180

Other Downloads

Wind River Linux LTS 10.17.41.11
Wind River Linux LTS 10.17.41.12
Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux LTS 10.17.41.23
Wind River Linux LTS 10.17.41.24
Wind River Linux LTS 10.17.41.25
Wind River Linux LTS 10.17.41.26
Wind River Linux LTS 10.17.41.27

CVEs

CVE-2018-4180