Upstream information

CVE-2018-6553 at MITRE

Description

The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1102219 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.


Status of this issue by product and package

Please note that this evaluation state might be work in progress, incomplete or outdated. Also information for service packs in the LTSS phase is only included for issues meeting the LTSS criteria. If in doubt, feel free to contact us for clarification.

Product(s) Source package State
SUSE Linux Enterprise BSK 12 SP3 cups Not affected
SUSE Linux Enterprise Desktop 12 SP3 cups Not affected
SUSE Linux Enterprise Module for Basesystem 15 GA cups Not affected
SUSE Linux Enterprise Module for Desktop Applications 15 GA cups Not affected
SUSE Linux Enterprise Module for Development Tools 15 GA cups Not affected
SUSE Linux Enterprise SDK 11 SP4 cups Not affected
SUSE Linux Enterprise SDK 12 SP3 cups Not affected
SUSE Linux Enterprise Server 11 SP3 LTSS cups Not affected
SUSE Linux Enterprise Server 11 SP4 cups Not affected
SUSE Linux Enterprise Server 12 GA LTSS cups Not affected
SUSE Linux Enterprise Server 12 SP1 LTSS cups Not affected
SUSE Linux Enterprise Server 12 SP2 LTSS cups Not affected
SUSE Linux Enterprise Server 12 SP3 cups Not affected