[CLSA-2026:1777393200] cups: Fix of CVE-2026-34980
Type:
security
Severity:
Important
Release date:
2026-04-28 16:20:04 UTC
Description:
- CVE-2026-34980: filter control characters from IPP option values and allowlist PPD keywords returned by filters so a remote attacker cannot inject cupsFilter/cupsFilter2 entries on a shared PostScript queue and gain code execution as the cupsd user.
Updated packages:
  • cups-2.2.6-40.el8.tuxcare.els8.x86_64.rpm
    sha:005688d4b49fd88e3aebbe30e2c8b99a4cd2b86433eacf2dfbe298965268d9cd
  • cups-client-2.2.6-40.el8.tuxcare.els8.x86_64.rpm
    sha:05fed5fd2ce5fe194e49838fd7971260ca4facaeb891b381a8988bc5e26989f3
  • cups-devel-2.2.6-40.el8.tuxcare.els8.i686.rpm
    sha:1c2180fb767bf9d62973f77116bd02871dd02bab60259b3eb4fc63b2312b89c8
  • cups-devel-2.2.6-40.el8.tuxcare.els8.x86_64.rpm
    sha:85f400102c5443b0d87ae0e134050fdadea53a8484689417a6b915ff41833a05
  • cups-filesystem-2.2.6-40.el8.tuxcare.els8.noarch.rpm
    sha:a148825e1f0250531d1b65da60f3dd539bf9d946068aa8a5733caee4da36466a
  • cups-ipptool-2.2.6-40.el8.tuxcare.els8.x86_64.rpm
    sha:ae4a29b1a174aa80cee1790cf4250b66e873c1cffb01fc3fe714409298c80396
  • cups-libs-2.2.6-40.el8.tuxcare.els8.i686.rpm
    sha:aae4bdda98b50cdffcf851f7bfe2dab90f64ac4ca1dde77c6acf52c1946d0690
  • cups-libs-2.2.6-40.el8.tuxcare.els8.x86_64.rpm
    sha:be1c3fb281cb1d9f58c3f4ad4cd5065826f2800bc70ec76af65897c340b8a252
  • cups-lpd-2.2.6-40.el8.tuxcare.els8.x86_64.rpm
    sha:51a982ce2159ff4b027f7ed584056b7956f608399c8db7dcf90e83d0d80b48a4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.