Bartlomiej Sieka

Name of the Vulnerable Software and Affected Versions: CUPS version 1.1.22 Description: The issue allows local users to corrupt the CUPS passwd file by filling the associated file system and triggering write errors when modifying the file using lppasswd. Recommendations: For CUPS version 1.1.22, update to a version where this issue is fixed to prevent local users from corrupting the CUPS passwd file.

Name of the Vulnerable Software and Affected Versions: CUPS version 1.1.22 Description: The issue is related to the lppasswd utility in CUPS, which fails to remove the passwd.new file if it encounters a file-size resource limit while writing to it. This causes subsequent invocations of lppasswd to fail. Recommendations: For CUPS version 1.1.22, consider manually removing the passwd.new file after an invocation failure to allow subsequent lppasswd invocations to proceed. As a temporary workaround, ensure that sufficient file-size resources are available to prevent such failures.