Security update for cups
This update for cups fixes the following issues:
The following security vulnerabilities were fixed:
- Fixed a local privilege escalation to root and sandbox bypasses in the
scheduler
- CVE-2018-4180: Fixed a local privilege escalation to root in dnssd backend
(bsc#1096405)
- CVE-2018-4181: Limited local file reads as root via cupsd.conf include
directive (bsc#1096406)
- CVE-2018-4182: Fixed a sandbox bypass due to insecure error handling
(bsc#1096407)
- CVE-2018-4183: Fixed a sandbox bypass due to profile misconfiguration
(bsc#1096408)
This update was imported from the SUSE:SLE-15:Update update project.
- Submitted by Johannes Meixner (jsmeix)
Fixed bugs
bnc#1096408
VUL-0: CVE-2018-4183: cups: cups-exec Sandbox Bypass Due to Profile Misconfiguration
bnc#1096405
VUL-0: CVE-2018-4180: cups: Local Privilege Escalation to Root in dnssd Backend (CUPS_SERVERBIN)
bnc#1096407
VUL-0: CVE-2018-4182: cups: cups-exec Sandbox Bypass Due to Insecure Error Handling
bnc#1096406
VUL-0: CVE-2018-4181: cups: Limited Local File Reads as Root via cupsd.conf Include Directive