Detections
Analytics

openSUSE 16 Security Update : cups (openSUSE-SU-2026:20812-1)

medium Nessus Plugin ID 317701

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20812-1 advisory.

 This update for cups fixes the following issues

 - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup (bsc#1261572).
 - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (bsc#1261571).
 - CVE-2026-34979: Heap overflow in `get_options()` (bsc#1261570).
 - CVE-2026-34980: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network (bsc#1261569).
 - CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568).
 - CVE-2026-39314: negative `job-password-supported` attribute can lead to a denial of service (bsc#1261743).
 - CVE-2026-39316: dangling subscription pointer can lead to a denial of service (bsc#1261742).
 - CVE-2026-41079: crafted SNMP response can lead to stack-based out-of-bounds read and sensitive memory disclosure (bsc#1263116).

 Changes for cups:

 - Version upgrade to 2.4.19.

 - Version upgrade to 2.4.18.

 - Version upgrade to 2.4.17:

 * The scheduler followed symbolic links when cleaning out its temporary directory (Issue #1448)
 * Updated `cupsFileGetConf` and `cupsFilePutConf` to escape more characters.
 * Updated man page `cancel` (Issue #984)
 * Updated `cupsRasterReadHeader` to validate more of the page header values (Issue #1501)
 * Fixed an issue with the class/printer CGI name checking.
 * Fixed infinite loop in `http_write()` on busy print servers (Issue #827)
 * Fixed potential TLS blocking issues (Issue #1128)
 * Fixed a job history bug in the scheduler (Issue #1440)
 * Fixed notifier logging bug that would result in nul bytes getting into the log (Issue #1450)
 * Fixed possible use-after-free in `cupsdReadClient()` (Issue #1454)
 * Fixed a document format bug in the IPP backend (Issue #1457)
 * Fixed DRAIN_OUTPUT race condition (Issue #1461)
 * Fixed a bug when then `ippFindXxx` and `ippSetXxx` functions were mixed.
 * Fixed the mapping of supply type keywords to SNMP names.
 * Fixed a bug in the IPP backend when SNMP was disabled.
 * Fixed a crash bug in the rastertoepson filter.
 * Fixed a bug in cgiCheckVariables.
 * Fixed handling read/write errors with OpenSSL (Issue #1506)
 * Fixed handling rehandshake error in `_httpTLSRead` (Issue #1508)
 * Fixed a debug printf bug on Windows (Issue #1529)
 * Fixed a recursion issue with encoding of nested collections (Issue #1539)
 * Fixed parsing of the `LimitRequestBody`, `MaxLogSize`, and `MaxRequestSize` directives in cupsd.conf (Issue #1540)
 * Fixed a parsing bug in `ipptool` (Issue #1542)
 * Fixed blank line detection in the `rastertolabel` filter (Issue #1545)
 * Fixed `httpPeek` edge case on compressed streams

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1261568

https://bugzilla.suse.com/1261569

https://bugzilla.suse.com/1261570

https://bugzilla.suse.com/1261571

https://bugzilla.suse.com/1261572

https://bugzilla.suse.com/1261742

https://bugzilla.suse.com/1261743

https://bugzilla.suse.com/1263116

https://www.suse.com/security/cve/CVE-2026-27447

https://www.suse.com/security/cve/CVE-2026-34978

https://www.suse.com/security/cve/CVE-2026-34979

https://www.suse.com/security/cve/CVE-2026-34980

https://www.suse.com/security/cve/CVE-2026-34990

https://www.suse.com/security/cve/CVE-2026-39314

https://www.suse.com/security/cve/CVE-2026-39316

https://www.suse.com/security/cve/CVE-2026-41079

Plugin Details

Severity: Medium

ID: 317701

File Name: openSUSE-2026-20812-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 5/29/2026

Updated: 5/29/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:P/A:N

CVSS Score Source: CVE-2026-27447

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2026-34980

CVSS v4

Risk Factor: Medium

Base Score: 6.1

Threat Score: 5.6

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-34980

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:libcups2, p-cpe:/a:novell:opensuse:cups-config, p-cpe:/a:novell:opensuse:cups-devel, p-cpe:/a:novell:opensuse:libcupsimage2, p-cpe:/a:novell:opensuse:cups-ddk, p-cpe:/a:novell:opensuse:cups, p-cpe:/a:novell:opensuse:cups-client

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2026

Vulnerability Publication Date: 4/3/2026

Reference Information

CVE: CVE-2026-27447, CVE-2026-34978, CVE-2026-34979, CVE-2026-34980, CVE-2026-34990, CVE-2026-39314, CVE-2026-39316, CVE-2026-41079