Release date:
2026-04-24 21:53:21 UTC
Description:
* SECURITY UPDATE: control-character injection in scheduler option
handling
- debian/patches/CVE-2026-34980.patch: filter control characters
from IPP string option values and reject "special" PPD keywords
(cupsFilter, cupsFilter2, etc.) reported back by job filters to
prevent filter/command injection via crafted job options
- CVE-2026-34980
Updated packages:
-
cups_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:eafd9b9b163c1cc8b36971c390afb58b7bd8c4fe
-
cups-bsd_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:94830c1eaf69a2eac19de3dd7b47ddc4da1af77b
-
cups-client_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:5dde839797a299520f09e9be91e16f78abf213a3
-
cups-common_2.3.1-9ubuntu1.9+tuxcare.els2_all.deb
sha:025d224f98191215175c8b758e8e64ada5646654
-
cups-core-drivers_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:fd383200d6b55bb256b1008206e172c2ecffb537
-
cups-daemon_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:27f1de65f7f5dd692e3f88225491bd582b6e2078
-
cups-ipp-utils_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:39c077c38d12a5bc5590a0cf8052e19f8c4bb534
-
cups-ppdc_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:812b600d6341b09bb799be125206d92e4cc402c6
-
cups-server-common_2.3.1-9ubuntu1.9+tuxcare.els2_all.deb
sha:2722b071f8ad4b83636e688a1398385a564310cd
-
libcups2_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:7fde2569878177aadb647e7dd9a4e2c202b9eed5
-
libcups2-dev_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:35e87ef95e305522f63257a79dd4cefea4e75633
-
libcupsimage2_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:87e6dfd14de40aca37ad4bb90922a4e68a67cd17
-
libcupsimage2-dev_2.3.1-9ubuntu1.9+tuxcare.els2_amd64.deb
sha:bbb4c479be7321501e33b83923ffeeb52ba25631
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
