SB2019010844 - Cross-site request forgery in cups (Alpine package)
Published: January 8, 2019
Security Bulletin ID: SB2019010844
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Data manipulation
Description
This security bulletin contains information about 1 security vulnerability.
1) Cross-site request forgery (CVE-ID: CVE-2018-4700)
The vulnerability allows a remote attacker to perform a CSRF attack. The weakness exists in the CUPS printing server due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and perform arbitrary actions.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1e85ba7cf47c73eaf15e950267dba27e92ae3d1d
- https://git.alpinelinux.org/aports/commit/?id=aab6fd6ad9335b5dcd7ffbb1541583e2f722114d
- https://git.alpinelinux.org/aports/commit/?id=d76f1a5eb2c5b7d28084d2409d4c37b49a3892fe
- https://git.alpinelinux.org/aports/commit/?id=68360d670a4378ffa3a8e120bb4e9b7bb36267f5
- https://git.alpinelinux.org/aports/commit/?id=2f186b4a430de0eab78872fa2d1b61c3d32d45d2
- https://git.alpinelinux.org/aports/commit/?id=671ec375ba7ca1800eb669d70251fedfed2e8cd7
- https://git.alpinelinux.org/aports/commit/?id=69b77bf7b39d42f173925a274c637dd34d502781