Oracle Linux: CVE-2022-26691: ELSA-2022-5056: cups security and bug fix update (IMPORTANT) (Multiple Advisories)
Description
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. An authorization vulnerability was found in the CUPS printing system. This security vulnerability occurs when local authorization happens. This flaw allows an attacker to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution.
Solution(s)
- oracle-linux-upgrade-cups
- oracle-linux-upgrade-cups-client
- oracle-linux-upgrade-cups-devel
- oracle-linux-upgrade-cups-filesystem
- oracle-linux-upgrade-cups-ipptool
- oracle-linux-upgrade-cups-libs
- oracle-linux-upgrade-cups-lpd
- oracle-linux-upgrade-cups-printerapp
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center