{"id":"USN-8405-2","summary":"cups regression","details":"USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a\nregression that cause CUPS to crash when parsing certain large printer PPD\nfiles. This update fixes the problem.\n\nOriginal advisory details:\n\n Ariel Silver discovered that CUPS incorrectly handled username comparisons\n during authorization checks. A local attacker could possibly use this issue\n to gain unauthorized access to restricted operations. (CVE-2026-27447)\n\n Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled\n notify-recipient-uri values in the RSS notifier. A remote attacker could\n possibly use this issue to overwrite lp-writable files and cause a denial\n of service. (CVE-2026-34978)\n\n Jacob Newman discovered that CUPS incorrectly handled filter option strings\n when processing job attributes. An attacker could use this issue to cause\n CUPS to crash, resulting in a denial of service, or possibly execute\n arbitrary code. (CVE-2026-34979)\n\n Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled\n page-border values in shared PostScript queues. A remote attacker could\n possibly use this issue to execute arbitrary code. (CVE-2026-34980)\n\n Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled\n localhost authentication to attacker-controlled IPP services. A local\n attacker could possibly use this issue to overwrite arbitrary files\n and execute arbitrary code. (CVE-2026-34990)\n\n Tomer Fichman discovered that CUPS incorrectly handled negative\n job-password-supported values. A local attacker could possibly use this\n issue to cause CUPS to crash, resulting in a denial of service.\n (CVE-2026-39314)\n\n Tomer Fichman discovered that CUPS incorrectly handled temporary printer\n deletion. An attacker could possibly use this issue to cause CUPS to crash,\n resulting in a denial of service, or to execute arbitrary code.\n (CVE-2026-39316)\n\n Tomer Fichman discovered that CUPS incorrectly handled certain malformed\n SNMP responses. An attacker could possibly use this issue to obtain\n sensitive information. (CVE-2026-41079)","modified":"2026-06-15T20:15:09.155479622Z","published":"2026-06-15T12:12:13Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8405-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/2156339"}],"affected":[{"package":{"name":"cups","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/cups?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.1op1-1ubuntu4.21"}]}],"versions":["2.3.3op2-7ubuntu2","2.4.1op1-1ubuntu1","2.4.1op1-1ubuntu2","2.4.1op1-1ubuntu3","2.4.1op1-1ubuntu4","2.4.1op1-1ubuntu4.1","2.4.1op1-1ubuntu4.2","2.4.1op1-1ubuntu4.4","2.4.1op1-1ubuntu4.6","2.4.1op1-1ubuntu4.7","2.4.1op1-1ubuntu4.8","2.4.1op1-1ubuntu4.9","2.4.1op1-1ubuntu4.10","2.4.1op1-1ubuntu4.11","2.4.1op1-1ubuntu4.12","2.4.1op1-1ubuntu4.15","2.4.1op1-1ubuntu4.16","2.4.1op1-1ubuntu4.20"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"cups","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"cups-bsd","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"cups-client","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"cups-common","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"cups-core-drivers","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"cups-daemon","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"cups-ipp-utils","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"cups-ppdc","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"cups-server-common","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"libcups2","binary_version":"2.4.1op1-1ubuntu4.21"},{"binary_name":"libcupsimage2","binary_version":"2.4.1op1-1ubuntu4.21"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8405-2.json"}},{"package":{"name":"cups","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/cups?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.7-1.2ubuntu7.14"}]}],"versions":["2.4.6-0ubuntu3","2.4.7-1.2ubuntu2","2.4.7-1.2ubuntu3","2.4.7-1.2ubuntu7","2.4.7-1.2ubuntu7.1","2.4.7-1.2ubuntu7.2","2.4.7-1.2ubuntu7.3","2.4.7-1.2ubuntu7.4","2.4.7-1.2ubuntu7.7","2.4.7-1.2ubuntu7.9","2.4.7-1.2ubuntu7.13"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"cups","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"cups-bsd","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"cups-client","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"cups-common","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"cups-core-drivers","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"cups-daemon","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"cups-ipp-utils","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"cups-ppdc","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"cups-server-common","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"libcups2t64","binary_version":"2.4.7-1.2ubuntu7.14"},{"binary_name":"libcupsimage2t64","binary_version":"2.4.7-1.2ubuntu7.14"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8405-2.json"}},{"package":{"name":"cups","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/cups?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.12-0ubuntu3.10"}]}],"versions":["2.4.12-0ubuntu1","2.4.12-0ubuntu2","2.4.12-0ubuntu3","2.4.12-0ubuntu3.3","2.4.12-0ubuntu3.5","2.4.12-0ubuntu3.9"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"cups","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"cups-bsd","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"cups-client","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"cups-common","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"cups-core-drivers","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"cups-daemon","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"cups-ipp-utils","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"cups-ppdc","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"cups-server-common","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"libcups2t64","binary_version":"2.4.12-0ubuntu3.10"},{"binary_name":"libcupsimage2t64","binary_version":"2.4.12-0ubuntu3.10"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8405-2.json"}},{"package":{"name":"cups","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/cups?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.16-1ubuntu1.3"}]}],"versions":["2.4.12-0ubuntu3","2.4.12-0ubuntu5","2.4.16-1ubuntu1","2.4.16-1ubuntu1.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"cups","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"cups-bsd","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"cups-client","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"cups-common","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"cups-core-drivers","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"cups-daemon","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"cups-ipp-utils","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"cups-ppdc","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"cups-server-common","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"libcups2t64","binary_version":"2.4.16-1ubuntu1.3"},{"binary_name":"libcupsimage2t64","binary_version":"2.4.16-1ubuntu1.3"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:26.04:LTS","cves":[]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8405-2.json"}}],"schema_version":"1.7.5"}