Wind River Support Network

HomeDefectsLIN8-9644
Fixed

LIN8-9644 : Security Advisory - cups - CVE-2018-4182

Created: Aug 15, 2018    Updated: Jan 21, 2019
Resolved Date: Aug 20, 2018
Found In Version: 8.0.0.26
Fix Version: 8.0.0.27
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Userspace

Description

It is possible to cause cups-exec to execute backends without a sandbox profile by causing cupsdCreateProfile() to fail.  An attacker that has obtained sandboxed root access can accomplish this by setting the CUPS temporary directory to immutable using chflags, which will prevent the profile from being written to disk.

https://nvd.nist.gov/vuln/detail/CVE-2018-4182

Other Downloads

CVEs

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube