SB20260417148 - openEuler 24.03 LTS update for cups

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Integer underflow (CVE-ID: CVE-2026-39314)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to integer underflow in _ppdCreateFromIPP() in cups/ppd-cache.c when processing a negative job-password-supported IPP attribute. A local user can supply a crafted IPP response to cause a denial of service.

Exploitation involves creating a local printer that points to a fake IPP printer on localhost, causing the cupsd root process to crash.

2) Use-after-free (CVE-ID: CVE-2026-39316)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to use-after-free in cupsdDeleteTemporaryPrinters() in scheduler/printers.c when deleting temporary printers that still have subscriptions referencing them. A local user can create a temporary printer with a subscription and trigger dereference of the dangling subscription pointer to execute arbitrary code.

The dangling pointer is subsequently dereferenced at multiple code sites in the scheduler, and the advisory confirms denial of service with potential code execution through heap grooming.

Remediation

Install update from vendor's website.

References

• https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1930