[CLSA-2026:1778253061] Fix CVE(s): CVE-2026-27447
Type:
security
Severity:
Moderate
Release date:
2026-05-08 15:13:47 UTC
Description:
* SECURITY UPDATE: fix authorization bypass in cupsd caused by case-insensitive comparison of local user and group names. - debian/patches/CVE-2026-27447.patch: compare usernames against the canonical pw_name from getpwnam() with strcmp() in cupsdCheckGroup() and cupsdIsAuthorized() in scheduler/auth.c; include the upstream follow-up "Fix unauthenticated print policies" (Issue #1557) so CUPSD_AUTH_NONE policies still match users that do not have a local account. - CVE-2026-27447.
Updated packages:
  • cups_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:860ba24feee1b5fb6858d973a027e001e1ee6a55
  • cups-bsd_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:ddd456f8c5438a422069a6367f05b45ed1d91a18
  • cups-client_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:c5e956d283b7ac7cb0addd70f0987cc3d706ccf6
  • cups-common_2.2.10-6+deb10u10+tuxcare.els3_all.deb
    sha:1e7689d85222554f396a3b68766fb708a25e6e8f
  • cups-core-drivers_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:ee26e6536f87bde0ef8efbd195fae1c2250fef7e
  • cups-daemon_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:c9307f48019c7f94f7aa973cda9f4b149727e681
  • cups-ipp-utils_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:d466b0bab207034c4cb612c7297a3d0d9a2d2419
  • cups-ppdc_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:d47f3b940e930e7a83540e312ecc8fe7462b9031
  • cups-server-common_2.2.10-6+deb10u10+tuxcare.els3_all.deb
    sha:0ec2f6411d8ee177a30ce60f3377cf40c3548835
  • libcups2_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:17a43ddc83b35f07cbd4f73379845db4a53c4e95
  • libcups2-dev_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:9027023c857c0712512db280e68f9e3d46487d83
  • libcupsimage2_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:eba45c5b36d2ec56472c364fe6e13676c05d64aa
  • libcupsimage2-dev_2.2.10-6+deb10u10+tuxcare.els3_amd64.deb
    sha:3eab3fa0e345c95e53815f2093bfc9429f734d36
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.