Debian has issued an advisory on July 11:
https://www.debian.org/security/2018/dsa-4243
The issues were fixed upstream in the following commit:
https://github.com/apple/cups/commit/d47f6aec436e0e9df6554436e391471097686ecc
Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Ubuntu has issued an advisory for this on July 11: https://usn.ubuntu.com/3713-1/
Assigning to the registered maintainer, CC'ing some committers.
Assignee: bugsquad => thierry.vignaud
CC: (none) => doktor5000, mageia, mageia, marja11, pterjan
SUSE has issued an advisory on August 1:
http://lists.suse.com/pipermail/sle-security-updates/2018-August/004364.html
It fixes these and two new issues, which were all disclosed here:
https://blog.gdssecurity.com/labs/2018/7/11/cups-local-privilege-escalation-and-sandbox-escapes.html
Summary: cups new security issues CVE-2018-418[01] => cups new security issues CVE-2018-418[0-3]
Fedora has issued an advisory for this on July 29: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5CDW7PAQIBDYEQC5M3UYPLJOXOGFJ7BY/
Fedora has issued an advisory on December 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MTPCMCONP5W3GMWEUKVATP2VDVGZEQDY/
This fixes a new issue, with the fix linked from the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1649347
Severity: normal => major
Summary: cups new security issues CVE-2018-418[0-3] => cups new security issues CVE-2018-418[0-3] and CVE-2018-4700
Fedora advisory for the new issue from December 21:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GA2OBRREMQ4AO3ZZCYI7D3CCG3FSMLW6/
They patched 2.2.6 there (same version we have in Mageia 6).
CVE-2018-4700 is fixed upstream in 2.2.10.
Older issues appear to have been fixed upstream in 2.2.8 (which is in Cauldron). tv included a patch from Fedora for CVE-2018-4700 in Cauldron.
Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
Depends on: (none) => 25317
Mageia 6 is EOL.
Status: NEW => RESOLVED
CC: (none) => mrambo
Resolution: (none) => OLD