Ubuntu USN-8405-2: CUPS fixes CVE-2026-27447 (Auth Bypass) & CVE-2026-34978 (DoS)

Vulnerability Overview Vulnerability ID: USN-8405-2 Publication Date: June 15, 2026 Description: USN-8405-1 introduced a regression in CUPS, causing CUPS to crash when parsing certain large printer PPD files. This update fixes the issue. Affected Versions Affected Releases: - 26.04 LTS (resolute) - 25.10 (questing) - 24.04 LTS (noble) - 22.04 LTS (jammy) Remediation Update Instructions: A standard system update will apply all necessary changes. Specific Package Versions: - 26.04 LTS (resolute): - - 2.4.16-1ubuntu1.3 - - 2.4.16-1ubuntu1.3 - 25.10 (questing): - - 2.4.12-0ubuntu3.10 - - 2.4.12-0ubuntu3.10 - 24.04 LTS (noble): - - 2.4.7-1.2ubuntu7.14 - - 2.4.7-1.2ubuntu7.14 - 22.04 LTS (jammy): - - 2.4.1op1-1ubuntu4.21 - - 2.4.1op1-1ubuntu4.21 Advisory Details CVE-2026-27447: Ariel Silver discovered that CUPS incorrectly handles username comparisons during authorization checks. A local attacker could exploit this issue to access restricted operations without authorization. CVE-2026-34978: Asim Viladi Oglu Manizada discovered that CUPS incorrectly handles the value in the RSS notifier. A remote attacker could exploit this issue to overwrite files writable by and cause a denial of service. Other Issues: Jacob Newman discovered that CUPS incorrectly handles filter option strings when processing job attributes. An attacker could exploit this issue to cause CUPS to crash. References Launchpad Bug Risk Reduction Ubuntu Pro: Provides ten years of security coverage for over 25,000 packages in the Main and Universe repositories, free for up to five machines. Additional Information Contact Team: For further questions, please contact the team members. --- Note: The page does not contain POC code or exploit code.

Goal Reached Thanks to every supporter — we hit 100%!

Ubuntu USN-8405-2: CUPS fixes CVE-2026-27447 (Auth Bypass) & CVE-2026-34978 (DoS)

More from this source