{"id":"MGASA-2020-0248","summary":"Updated cups packages fix security vulnerability","details":"Updated cups packages fix security vulnerabilities:\n\nIt was discovered that CUPS incorrectly handled certain language values.\nA local attacker could possibly use this issue to cause CUPS to crash,\nleading to a denial of service, or possibly obtain sensitive information\n(CVE-2019-2228).\n\nStephan Zeisberg discovered that the CUPS SNMP backend incorrectly\nhandled encoded ASN.1 inputs. A remote attacker could possibly use this\nissue to cause CUPS to crash by providing specially crafted network\ntraffic (CVE-2019-8675, CVE-2019-8696).\n\nThe ippReadIO function may under-read an extension (CVE-2019-8842).\n\nStephan Zeisberg discovered that CUPS incorrectly handled certain\nmalformed ppd files. A local attacker could possibly use this issue to\nexecute arbitrary code (CVE-2020-3898).\n\nThe cups package has been updated to version 2.2.13 and patched to fix\nthese issues and other bugs.\n\nAlso, this update will hopefully fix the cups service failing to start at\nboot on some systems. \n","modified":"2026-04-16T04:44:26.010940877Z","published":"2020-06-10T22:26:12Z","upstream":["CVE-2019-2228","CVE-2019-8675","CVE-2019-8696","CVE-2019-8842","CVE-2020-3898"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0248.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26531"},{"type":"WEB","url":"https://usn.ubuntu.com/4105-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4340-1/"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2019-8842"},{"type":"WEB","url":"https://github.com/apple/cups/releases/tag/v2.2.12"},{"type":"WEB","url":"https://github.com/apple/cups/releases/tag/v2.2.13"}],"affected":[{"package":{"name":"cups","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/cups?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.13-1.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0248.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}