ID

VAR-201802-0492


CVE

CVE-2017-18190


TITLE

CUPS Vulnerabilities related to security functions

Trust: 0.8

sources: JVNDB: JVNDB-2017-012680

DESCRIPTION

A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1). CUPS Contains vulnerabilities related to security features.Information may be tampered with. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. This vulnerability can be used to execute arbitrary IPP commands. Description: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Bug Fix(es): * Gather image registry config (backport to 4.3) (BZ#1836815) * Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist (BZ#1849176) * Login with OpenShift not working after cluster upgrade (BZ#1852429) * Limit the size of gathered federated metrics from alerts in Insights Operator (BZ#1874018) * [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs (BZ#1879110) * [release 4.3] OpenShift APIs become unavailable for more than 15 minutes after one of master nodes went down(OAuth) (BZ#1880293) You may download the oc tool and use it to inspect release image metadata as follows: (For x86_64 architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-x86_64 The image digest is sha256:9ff90174a170379e90a9ead6e0d8cf6f439004191f80762764a5ca3dbaab01dc (For s390x architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-s390x The image digest is sha256:605ddde0442e604cfe2d6bd1541ce48df5956fe626edf9cc95b1fca75d231b64 (For ppc64le architecture) $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.3.40-ppc64le The image digest is sha256:d3c9e391c145338eae3feb7f6a4e487dadc8139a353117d642fe686d277bcccc 3. Solution: For OpenShift Container Platform 4.3 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update: https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel ease-notes.html Details on how to access this content are available at https://docs.openshift.com/container-platform/4.3/updating/updating-cluster - -cli.html. Bugs fixed (https://bugzilla.redhat.com/): 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1836815 - Gather image registry config (backport to 4.3) 1849176 - Builds fail after running postCommit script if OCP cluster is configured with a container registry whitelist 1874018 - Limit the size of gathered federated metrics from alerts in Insights Operator 1874399 - [DR] etcd-member-recover.sh fails to pull image with unauthorized 1879110 - [4.3] Storage operator stops reconciling when going Upgradeable=False on v1alpha1 CRDs 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2020:3864-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3864 Issue date: 2020-09-29 CVE Names: CVE-2017-18190 CVE-2019-8675 CVE-2019-8696 ==================================================================== 1. Summary: An update for cups is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: DNS rebinding attacks via incorrect whitelist (CVE-2017-18190) * cups: stack-buffer-overflow in libcups's asn1_get_type function (CVE-2019-8675) * cups: stack-buffer-overflow in libcups's asn1_get_packed function (CVE-2019-8696) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the cupsd service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1546395 - CVE-2017-18190 cups: DNS rebinding attacks via incorrect whitelist 1715907 - CUPS- client: cupsGetPPD3() function tries to load PPD from IPP printer and not from the CUPS queue 1738455 - CVE-2019-8675 cups: stack-buffer-overflow in libcups's asn1_get_type function 1738497 - CVE-2019-8696 cups: stack-buffer-overflow in libcups's asn1_get_packed function 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm ppc64: cups-1.6.3-51.el7.ppc64.rpm cups-client-1.6.3-51.el7.ppc64.rpm cups-debuginfo-1.6.3-51.el7.ppc.rpm cups-debuginfo-1.6.3-51.el7.ppc64.rpm cups-devel-1.6.3-51.el7.ppc.rpm cups-devel-1.6.3-51.el7.ppc64.rpm cups-libs-1.6.3-51.el7.ppc.rpm cups-libs-1.6.3-51.el7.ppc64.rpm cups-lpd-1.6.3-51.el7.ppc64.rpm ppc64le: cups-1.6.3-51.el7.ppc64le.rpm cups-client-1.6.3-51.el7.ppc64le.rpm cups-debuginfo-1.6.3-51.el7.ppc64le.rpm cups-devel-1.6.3-51.el7.ppc64le.rpm cups-libs-1.6.3-51.el7.ppc64le.rpm cups-lpd-1.6.3-51.el7.ppc64le.rpm s390x: cups-1.6.3-51.el7.s390x.rpm cups-client-1.6.3-51.el7.s390x.rpm cups-debuginfo-1.6.3-51.el7.s390.rpm cups-debuginfo-1.6.3-51.el7.s390x.rpm cups-devel-1.6.3-51.el7.s390.rpm cups-devel-1.6.3-51.el7.s390x.rpm cups-libs-1.6.3-51.el7.s390.rpm cups-libs-1.6.3-51.el7.s390x.rpm cups-lpd-1.6.3-51.el7.s390x.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: cups-debuginfo-1.6.3-51.el7.ppc64.rpm cups-ipptool-1.6.3-51.el7.ppc64.rpm ppc64le: cups-debuginfo-1.6.3-51.el7.ppc64le.rpm cups-ipptool-1.6.3-51.el7.ppc64le.rpm s390x: cups-debuginfo-1.6.3-51.el7.s390x.rpm cups-ipptool-1.6.3-51.el7.s390x.rpm x86_64: cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: cups-1.6.3-51.el7.src.rpm noarch: cups-filesystem-1.6.3-51.el7.noarch.rpm x86_64: cups-1.6.3-51.el7.x86_64.rpm cups-client-1.6.3-51.el7.x86_64.rpm cups-debuginfo-1.6.3-51.el7.i686.rpm cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-devel-1.6.3-51.el7.i686.rpm cups-devel-1.6.3-51.el7.x86_64.rpm cups-libs-1.6.3-51.el7.i686.rpm cups-libs-1.6.3-51.el7.x86_64.rpm cups-lpd-1.6.3-51.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: cups-debuginfo-1.6.3-51.el7.x86_64.rpm cups-ipptool-1.6.3-51.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-18190 https://access.redhat.com/security/cve/CVE-2019-8675 https://access.redhat.com/security/cve/CVE-2019-8696 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OfSNzjgjWX9erEAQip1g//fGQ6FQsoJ/QpnHB9KiGT507Wl0HwxQYz FaaarvC/P+E78cXLDikMs/eIY9dIXeyOZyPja/u4sNSwl/ZwPxqrm7ikV0va3UrE +NciXotVICT59ONqmFwNoBsAkxHG84hDxuhRKe8MDgJQWrOruXsbzxzznQam6s4v etRS7p8TPKDyYCGqQui8WRvFWQtVbtFHGR7Gnz5AMkTFanUqU9dxQu070UbUtkNl 6TpB++/AU9X48a/RkLlt7rgtEAT0eG0VJkPUxhollegIWxTq6ICuKwLcnH7jnphD nY5DEUE7NdP8rPkw9XKnKSlkIR68M3SMDhu/cfvwfj0QzsjzERRNdOIbKiFiV3/w Ayp2r2r9XxWAUXp7Rgm6meRlmNv+lTAyTXLVo3VrtGpU6221vszaiLhlQikqExsu 9DwvLWMyabQrdv+eWCYCRYyz/oiv+j7LjB6sN83baF9nF7WBSTIeTVq3ZgMo/orX vWmaRdN0ozVtKKsVGtns7Cb9UUIpU2h903i3VNa6SJKS1TyiqvkfG7Yq+h63BDyw CB3c0K/3W/KX9GhbqVLM/q45xBPkqCCliSoeibSL+LgbgAXokIXd4Pen9C76h6g2 FsI6JQ/SQ8iPaXDyWd8P7BVANKBIL/tXknRCQSUjC7mGJA372/euzQw98+FYCUzq RML7ea/mqjI=bzrd -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3577-1 February 21, 2018 cups vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: CUPS could be made to provide access to printers over the network. Software Description: - cups: Common UNIX Printing System(tm) Details: Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked in to opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack. (CVE-2017-18190) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.4 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.9 In general, a standard system update will make all the necessary changes

Trust: 2.07

sources: NVD: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // VULHUB: VHN-109288 // VULMON: CVE-2017-18190 // PACKETSTORM: 159661 // PACKETSTORM: 159343 // PACKETSTORM: 146494

AFFECTED PRODUCTS

vendor:applemodel:cupsscope:ltversion:2.2.2

Trust: 1.8

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.6

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:debianmodel:gnu/linuxscope:eqversion:7.0

Trust: 0.8

sources: JVNDB: JVNDB-2017-012680 // CNNVD: CNNVD-201802-883 // NVD: CVE-2017-18190

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-18190
value: HIGH

Trust: 1.0

NVD: CVE-2017-18190
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-883
value: HIGH

Trust: 0.6

VULHUB: VHN-109288
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-18190
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-18190
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-109288
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-18190
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-109288 // VULMON: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // CNNVD: CNNVD-201802-883 // NVD: CVE-2017-18190

PROBLEMTYPE DATA

problemtype:CWE-290

Trust: 1.1

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-109288 // JVNDB: JVNDB-2017-012680 // NVD: CVE-2017-18190

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-883

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201802-883

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012680

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-109288

PATCH

title:[SECURITY] [DLA 1288-1] cups security updateurl:https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html

Trust: 0.8

title:Don't treat "localhost.localdomain" as an allowed replacement for localhost, since it isn't.url:https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41

Trust: 0.8

title:Apple CUPS Fixing measures for security feature vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92097

Trust: 0.6

title:Ubuntu Security Notice: cups vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3577-1

Trust: 0.1

title:Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204264 - Security Advisory

Trust: 0.1

sources: VULMON: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // CNNVD: CNNVD-201802-883

EXTERNAL IDS

db:NVDid:CVE-2017-18190

Trust: 2.9

db:PACKETSTORMid:159343

Trust: 0.8

db:PACKETSTORMid:159661

Trust: 0.8

db:JVNDBid:JVNDB-2017-012680

Trust: 0.8

db:CNNVDid:CNNVD-201802-883

Trust: 0.7

db:AUSCERTid:ESB-2020.3631

Trust: 0.6

db:AUSCERTid:ESB-2020.3376

Trust: 0.6

db:PACKETSTORMid:146494

Trust: 0.2

db:VULHUBid:VHN-109288

Trust: 0.1

db:VULMONid:CVE-2017-18190

Trust: 0.1

sources: VULHUB: VHN-109288 // VULMON: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // PACKETSTORM: 159661 // PACKETSTORM: 159343 // PACKETSTORM: 146494 // CNNVD: CNNVD-201802-883 // NVD: CVE-2017-18190

REFERENCES

url:https://usn.ubuntu.com/3577-1/

Trust: 1.9

url:https://bugs.chromium.org/p/project-zero/issues/detail?id=1048

Trust: 1.8

url:https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2018/02/msg00023.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-18190

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18190

Trust: 0.8

url:https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3376/

Trust: 0.6

url:https://packetstormsecurity.com/files/159343/red-hat-security-advisory-2020-3864-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3631/

Trust: 0.6

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.2

url:https://bugzilla.redhat.com/):

Trust: 0.2

url:https://access.redhat.com/security/team/contact/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8696

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-8675

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2017-18190

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/290.html

Trust: 0.1

url:https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2017-18190

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4264

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17006

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12749

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-2974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19126

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14866

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17023

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17023

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-6829

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-12652

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12403

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20388

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11756

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12243

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-18197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-18197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12749

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#low

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-7595

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17006

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2226

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-16935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5094

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-19956

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-12450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-2974

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2752

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-20386

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.3/release_notes/ocp-4-3-rel

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2574

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-17546

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-14352

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14822

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14822

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12400

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11727

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11719

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-16935

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2225

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5482

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-8492

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12825

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-20843

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-14973

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12402

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2181

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-12652

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-12401

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-12450

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-20843

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2182

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17546

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20388

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.3/updating/updating-cluster

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-14866

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20386

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-24750

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-5094

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11727

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-5188

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-9283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-19126

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11068

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15903

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-17498

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-2812

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8675

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/team/key/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8696

Trust: 0.1

url:https://access.redhat.com/articles/11258

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3864

Trust: 0.1

url:https://www.ubuntu.com/usn/usn-3577-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.9

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.4

Trust: 0.1

sources: VULHUB: VHN-109288 // VULMON: CVE-2017-18190 // JVNDB: JVNDB-2017-012680 // PACKETSTORM: 159661 // PACKETSTORM: 159343 // PACKETSTORM: 146494 // CNNVD: CNNVD-201802-883 // NVD: CVE-2017-18190

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 159661 // PACKETSTORM: 159343 // CNNVD: CNNVD-201802-883

SOURCES

db:VULHUBid:VHN-109288
db:VULMONid:CVE-2017-18190
db:JVNDBid:JVNDB-2017-012680
db:PACKETSTORMid:159661
db:PACKETSTORMid:159343
db:PACKETSTORMid:146494
db:CNNVDid:CNNVD-201802-883
db:NVDid:CVE-2017-18190

LAST UPDATE DATE

2024-11-23T20:02:42.208000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-109288date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-18190date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-012680date:2018-04-04T00:00:00
db:CNNVDid:CNNVD-201802-883date:2020-10-23T00:00:00
db:NVDid:CVE-2017-18190date:2024-11-21T03:19:31.260

SOURCES RELEASE DATE

db:VULHUBid:VHN-109288date:2018-02-16T00:00:00
db:VULMONid:CVE-2017-18190date:2018-02-16T00:00:00
db:JVNDBid:JVNDB-2017-012680date:2018-04-04T00:00:00
db:PACKETSTORMid:159661date:2020-10-21T15:40:32
db:PACKETSTORMid:159343date:2020-09-30T15:42:35
db:PACKETSTORMid:146494date:2018-02-20T22:25:00
db:CNNVDid:CNNVD-201802-883date:2018-02-16T00:00:00
db:NVDid:CVE-2017-18190date:2018-02-16T17:29:00.217