[SECURITY] [DLA 1936-1] cups security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1936-1] cups security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 28 Sep 2019 11:51:06 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.20.1909281147420.18184@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : cups
Version        : 1.7.5-11+deb8u6
CVE ID         : CVE-2018-4300


An issue has been found in cups, the Common UNIX Printing System(tm).

While generating a session cookie for the CUPS web interface, apredictable random number seed was used. This could lead to unauthorizedscripted access to the enabled web interface.

For Debian 8 "Jessie",this problem has been fixed in version 1.7.5-11+deb8u6.


We recommend that you upgrade your cups packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl2PLQpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcyjA/6AvM/IDKqlAUC8E86j/9ZdVyHfwwyXHcnJBe/C0e3Ff53GR4bJ6lMt5K0
ZHbsXTpGz33ZqjxDnTdqBKHJupcePkGxCMPjKwNMYCQgpslaggTu1dX4TrVxUP+9
rT1gU9YkT13tU2lD7Q9MY1V5MQB8WF+6VRugrmWdjk8LLeor3k7IBvwQ7fhj7dOo
m5glWprUvXNJ88e+lePQHaY2DYa7m2mitLAVnch7jn4l+H/W4AiBs6HiHnqzWKEX
5SexN2WqoAccTF/QpjzXjwtQS5WAI/8dGsn5udLoaK8P0VY7fPPbUBPf8VX+tpSm
3BYursn8hrfOcc1ac7oNM6vcSVbBHKL/+A5pnF2eNE23CHDZMefzc3tE0rnxbXd5
Lk/PrIdrweXyTb2V15jDoGQNDGS9R/DS8yAtBdlo9jCAvF3S1CGwcKxWWYkHkVjA
YId7hK/ZmtcWDvY3T4a+bNrUIfiXTixKwv02LBQ32rPf1T6cfHKZWxhxlISrlBqm
cpoKMV+I5wFy3jTkay7vOKOPBEfFGO44TWnmfkoh4fFCNNLiHfFXkNnK0KWQZ0Jm
/s5o5I4bg62j7MAUHhQ78tzVRcGiGbdbC4dnOViRQ193cn1LOIdQEclImCPJhK9b
a7jkLD4RkwMjXISbxFH+yEdroAbI+I0D+ULOD7p31SlbaIBW4h0=
=h6dI
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1933-1] ruby-nokogiri security update
Next by Date: [SECURITY] [DLA 1935-1] e2fsprogs security update
Previous by thread: [SECURITY] [DLA 1933-1] ruby-nokogiri security update
Next by thread: [SECURITY] [DLA 1935-1] e2fsprogs security update
Index(es):
- Date
- Thread