========================================================================== Ubuntu Security Notice USN-8405-2 June 15, 2026
cups regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: USN-8405-1 introduced a regression in CUPS Software Description: - cups: Common UNIX Printing System(tm) Details: USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that cause CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during authorization checks. A local attacker could possibly use this issue to gain unauthorized access to restricted operations. (CVE-2026-27447) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled notify-recipient-uri values in the RSS notifier. A remote attacker could possibly use this issue to overwrite lp-writable files and cause a denial of service. (CVE-2026-34978) Jacob Newman discovered that CUPS incorrectly handled filter option strings when processing job attributes. An attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-34979) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled page-border values in shared PostScript queues. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-34980) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled localhost authentication to attacker-controlled IPP services. A local attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. (CVE-2026-34990) Tomer Fichman discovered that CUPS incorrectly handled negative job-password-supported values. A local attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. (CVE-2026-39314) Tomer Fichman discovered that CUPS incorrectly handled temporary printer deletion. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or to execute arbitrary code. (CVE-2026-39316) Tomer Fichman discovered that CUPS incorrectly handled certain malformed SNMP responses. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41079) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS cups 2.4.16-1ubuntu1.3 cups-daemon 2.4.16-1ubuntu1.3 Ubuntu 25.10 cups 2.4.12-0ubuntu3.10 cups-daemon 2.4.12-0ubuntu3.10 Ubuntu 24.04 LTS cups 2.4.7-1.2ubuntu7.14 cups-daemon 2.4.7-1.2ubuntu7.14 Ubuntu 22.04 LTS cups 2.4.1op1-1ubuntu4.21 cups-daemon 2.4.1op1-1ubuntu4.21 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8405-2 https://ubuntu.com/security/notices/USN-8405-1 https://launchpad.net/bugs/2156339 Package Information: https://launchpad.net/ubuntu/+source/cups/2.4.16-1ubuntu1.3 https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu3.10 https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.14 https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.21
signature.asc
Description: OpenPGP digital signature
