Ubuntu Security Notice 4340-1 - It was discovered that CUPS incorrectly handled certain language values. A local attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or possibly obtain sensitive information. This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 19.10. Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed ppd files. A local attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
ccfd27d16a20c2accb7df3037e5f1940fecb8a018bc426b2324a65ea0a940d99
==========================================================================
Ubuntu Security Notice USN-4340-1
April 27, 2020
cups vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04
- Ubuntu 19.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in CUPS.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
It was discovered that CUPS incorrectly handled certain language values. A
local attacker could possibly use this issue to cause CUPS to crash,
leading to a denial of service, or possibly obtain sensitive information.
This issue only applied to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
19.10. (CVE-2019-2228)
Stephan Zeisberg discovered that CUPS incorrectly handled certain malformed
ppd files. A local attacker could possibly use this issue to execute
arbitrary code. (CVE-2020-3898)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04:
cups 2.3.1-9ubuntu1.1
Ubuntu 19.10:
cups 2.2.12-2ubuntu1.1
Ubuntu 18.04 LTS:
cups 2.2.7-1ubuntu2.8
Ubuntu 16.04 LTS:
cups 2.1.3-4ubuntu0.11
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4340-1
CVE-2019-2228, CVE-2020-3898
Package Information:
https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.1
https://launchpad.net/ubuntu/+source/cups/2.2.12-2ubuntu1.1
https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.8
https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.11