SUSE-SU-2018:2233-1: moderate: Security update for cups

[sle-updates at lists.suse.com]

   SUSE Security Update: Security update for cups
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:2233-1
Rating:             moderate
References:         #1096405 #1096406 #1096407 #1096408 
Cross-References:   CVE-2018-4180 CVE-2018-4181 CVE-2018-4182
                    CVE-2018-4183
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for cups fixes the following issues:

   Security issues fixed:

   - CVE-2018-4180: Fix local privilege escalation to root in dnssd backend
     (bsc#1096405).
   - CVE-2018-4181: Limited local file reads as root via cupsd.conf include
     directive (bsc#1096406).
   - CVE-2018-4182: Fix cups-exec sandbox bypass due to insecure error
     handling (bsc#1096407).
   - CVE-2018-4183: Fix cups-exec sandbox bypass due to profile
     misconfiguration (bsc#1096408).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-cups-13718=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-cups-13718=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-cups-13718=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      cups-devel-1.3.9-8.46.56.3.1

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      cups-1.3.9-8.46.56.3.1
      cups-client-1.3.9-8.46.56.3.1
      cups-libs-1.3.9-8.46.56.3.1

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      cups-libs-32bit-1.3.9-8.46.56.3.1

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      cups-libs-x86-1.3.9-8.46.56.3.1

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      cups-debuginfo-1.3.9-8.46.56.3.1
      cups-debugsource-1.3.9-8.46.56.3.1


References:

   https://www.suse.com/security/cve/CVE-2018-4180.html
   https://www.suse.com/security/cve/CVE-2018-4181.html
   https://www.suse.com/security/cve/CVE-2018-4182.html
   https://www.suse.com/security/cve/CVE-2018-4183.html
   https://bugzilla.suse.com/1096405
   https://bugzilla.suse.com/1096406
   https://bugzilla.suse.com/1096407
   https://bugzilla.suse.com/1096408