[CLSA-2026:1777392623] cups: Fix of CVE-2026-34980
Type:
security
Severity:
Important
Release date:
2026-04-28 16:10:28 UTC
Description:
- CVE-2026-34980: filter control characters from IPP option values and allowlist PPD keywords returned by filters so a remote attacker cannot inject cupsFilter/cupsFilter2 entries on a shared PostScript queue and gain code execution as the cupsd user.
Updated packages:
  • cups-2.2.6-57.el8.tuxcare.els5.x86_64.rpm
    sha:392f6ec9513dcea8be56f2674db4958de46ac9e59401d9e1a7f98980d33ae464
  • cups-client-2.2.6-57.el8.tuxcare.els5.x86_64.rpm
    sha:a9574160d23ca88f3faa2d4f467fc82f32ebbf313a414568ab1fed960d5c0f71
  • cups-devel-2.2.6-57.el8.tuxcare.els5.i686.rpm
    sha:57692f4a93cb2fa825e90b3eb08d99d60ecfcecc8c2fc761a483357744641de4
  • cups-devel-2.2.6-57.el8.tuxcare.els5.x86_64.rpm
    sha:710c51afb859117c5466a0f37fefe73da50c4a7dd08aecc0877c4582bf6a32fe
  • cups-filesystem-2.2.6-57.el8.tuxcare.els5.noarch.rpm
    sha:44a6009b467066cbea25206e00f3bbd14617ab6b3eeecaa61d6dddf3f72784d4
  • cups-ipptool-2.2.6-57.el8.tuxcare.els5.x86_64.rpm
    sha:6aa05f171af628550f0bfe9cf2a434764accca764f504113687db27f229c71ea
  • cups-libs-2.2.6-57.el8.tuxcare.els5.i686.rpm
    sha:76570c0300d770a692bb3b10ad41c6419758ed36f1347109e91cfcb72408324f
  • cups-libs-2.2.6-57.el8.tuxcare.els5.x86_64.rpm
    sha:ac9f7df9fc537baf591a794af114c159f31d87ee01d57fb7516a9b5cb044f514
  • cups-lpd-2.2.6-57.el8.tuxcare.els5.x86_64.rpm
    sha:ea9a13af8dd9520d32b19bba8520927f157fd940a83c4d3529b9d40e2bfec09c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.