SUSE-SU-2026:21787-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-202621787-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:21787-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:21787-1
Upstream
Related
Published
2026-05-26T12:01:22Z
Modified
2026-05-28T18:24:00.394378765Z
Summary
Security update for cups
Details

This update for cups fixes the following issues

  • CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup (bsc#1261572).
  • CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (bsc#1261571).
  • CVE-2026-34979: Heap overflow in get_options() (bsc#1261570).
  • CVE-2026-34980: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network (bsc#1261569).
  • CVE-2026-34990: Local print admin token disclosure using temporary printers (bsc#1261568).
  • CVE-2026-39314: negative job-password-supported attribute can lead to a denial of service (bsc#1261743).
  • CVE-2026-39316: dangling subscription pointer can lead to a denial of service (bsc#1261742).
  • CVE-2026-41079: crafted SNMP response can lead to stack-based out-of-bounds read and sensitive memory disclosure (bsc#1263116).

Changes for cups:

  • Version upgrade to 2.4.19
References

Affected packages