PT-2018-17631 · Apple+1 · Cups+1

Dan Bastone

Published

2018-07-11

Updated

2019-10-03

CVE-2018-6553

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CUPS versions prior to 2.2.7-1ubuntu2.1 CUPS versions prior to 2.2.4-7ubuntu3.1 CUPS versions prior to 2.1.3-4ubuntu0.5 CUPS versions prior to 1.7.2-0ubuntu1.10

Description The issue is related to the CUPS AppArmor profile, which incorrectly confined the dnssd backend due to the use of hard links. A local attacker could possibly use this issue to escape confinement.

Recommendations For versions prior to 2.2.7-1ubuntu2.1, update to version 2.2.7-1ubuntu2.1 or later. For versions prior to 2.2.4-7ubuntu3.1, update to version 2.2.4-7ubuntu3.1 or later. For versions prior to 2.1.3-4ubuntu0.5, update to version 2.1.3-4ubuntu0.5 or later. For versions prior to 1.7.2-0ubuntu1.10, update to version 1.7.2-0ubuntu1.10 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2018-6553

DLA-1426-1

DSA-4243-1

USN-3713-1

Affected Products

Cups

Ubuntu

PT-2018-17631 · Apple+1 · Cups+1

CVE-2018-6553

Related Identifiers

Affected Products

References · 18