ID

VAR-202205-1953


CVE

CVE-2022-26691


TITLE

macOS Improper Comparison Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011787

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. macOS contains an improper comparison vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: cups security and bug fix update
Advisory ID:       RHSA-2022:5056-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5056
Issue date:        2022-06-15
CVE Names:         CVE-2022-26691
=====================================================================

1. Summary:

An update for cups is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: authorization bypass when using "local" authorization (CVE-2022-26691)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* 30-second delays printing to Windows 2016 server via HTTPS (BZ#2073531)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the cupsd service will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:
cups-2.2.6-45.el8_6.2.aarch64.rpm
cups-client-2.2.6-45.el8_6.2.aarch64.rpm
cups-client-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm
cups-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm
cups-debugsource-2.2.6-45.el8_6.2.aarch64.rpm
cups-devel-2.2.6-45.el8_6.2.aarch64.rpm
cups-ipptool-2.2.6-45.el8_6.2.aarch64.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm
cups-lpd-2.2.6-45.el8_6.2.aarch64.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm

noarch:
cups-filesystem-2.2.6-45.el8_6.2.noarch.rpm

ppc64le:
cups-2.2.6-45.el8_6.2.ppc64le.rpm
cups-client-2.2.6-45.el8_6.2.ppc64le.rpm
cups-client-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm
cups-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm
cups-debugsource-2.2.6-45.el8_6.2.ppc64le.rpm
cups-devel-2.2.6-45.el8_6.2.ppc64le.rpm
cups-ipptool-2.2.6-45.el8_6.2.ppc64le.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm
cups-lpd-2.2.6-45.el8_6.2.ppc64le.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm

s390x:
cups-2.2.6-45.el8_6.2.s390x.rpm
cups-client-2.2.6-45.el8_6.2.s390x.rpm
cups-client-debuginfo-2.2.6-45.el8_6.2.s390x.rpm
cups-debuginfo-2.2.6-45.el8_6.2.s390x.rpm
cups-debugsource-2.2.6-45.el8_6.2.s390x.rpm
cups-devel-2.2.6-45.el8_6.2.s390x.rpm
cups-ipptool-2.2.6-45.el8_6.2.s390x.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.s390x.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.s390x.rpm
cups-lpd-2.2.6-45.el8_6.2.s390x.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.s390x.rpm

x86_64:
cups-2.2.6-45.el8_6.2.x86_64.rpm
cups-client-2.2.6-45.el8_6.2.x86_64.rpm
cups-client-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-client-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm
cups-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm
cups-debugsource-2.2.6-45.el8_6.2.i686.rpm
cups-debugsource-2.2.6-45.el8_6.2.x86_64.rpm
cups-devel-2.2.6-45.el8_6.2.i686.rpm
cups-devel-2.2.6-45.el8_6.2.x86_64.rpm
cups-ipptool-2.2.6-45.el8_6.2.x86_64.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm
cups-lpd-2.2.6-45.el8_6.2.x86_64.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:
cups-2.2.6-45.el8_6.2.src.rpm

aarch64:
cups-client-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm
cups-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm
cups-debugsource-2.2.6-45.el8_6.2.aarch64.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm
cups-libs-2.2.6-45.el8_6.2.aarch64.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.aarch64.rpm

ppc64le:
cups-client-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm
cups-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm
cups-debugsource-2.2.6-45.el8_6.2.ppc64le.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm
cups-libs-2.2.6-45.el8_6.2.ppc64le.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.ppc64le.rpm

s390x:
cups-client-debuginfo-2.2.6-45.el8_6.2.s390x.rpm
cups-debuginfo-2.2.6-45.el8_6.2.s390x.rpm
cups-debugsource-2.2.6-45.el8_6.2.s390x.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.s390x.rpm
cups-libs-2.2.6-45.el8_6.2.s390x.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.s390x.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.s390x.rpm

x86_64:
cups-client-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-client-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm
cups-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm
cups-debugsource-2.2.6-45.el8_6.2.i686.rpm
cups-debugsource-2.2.6-45.el8_6.2.x86_64.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-ipptool-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm
cups-libs-2.2.6-45.el8_6.2.i686.rpm
cups-libs-2.2.6-45.el8_6.2.x86_64.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-libs-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.i686.rpm
cups-lpd-debuginfo-2.2.6-45.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-26691
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Summary:

OpenShift API for Data Protection (OADP) 1.1.0 is now available.

Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.

Bugs fixed (https://bugzilla.redhat.com/):

2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read

5. JIRA issues fixed (https://issues.jboss.org/):

OADP-145 - Restic Restore stuck on InProgress status when app is deployed with DeploymentConfig
OADP-154 - Ensure support for backing up resources based on different label selectors
OADP-194 - Remove the registry dependency from OADP
OADP-199 - Enable support for restore of existing resources
OADP-224 - Restore silently ignore resources if they exist - restore log not updated
OADP-225 - Restore doesn't update velero.io/backup-name when a resource is updated
OADP-234 - Implementation of incremental restore
OADP-324 - Add label to Expired backups failing garbage collection
OADP-382 - 1.1: Update downstream OLM channels to support different x and y-stream releases
OADP-422 - [GCP] An attempt of snapshoting volumes on CSI storageclass using Velero-native snapshots fails because it's unable to find the zone
OADP-423 - CSI Backup is not blocked and does not wait for snapshot to complete
OADP-478 - volumesnapshotcontent cannot be deleted; SnapshotDeleteError Failed to delete snapshot
OADP-528 - The volumesnapshotcontent is not removed for the synced backup
OADP-533 - OADP Backup via Ceph CSI snapshot hangs indefinitely on OpenShift v4.10
OADP-538 - typo on noDefaultBackupLocation error on DPA CR
OADP-552 - Validate OADP with 4.11 and Pod Security Admissions
OADP-558 - Empty Failed Backup CRs can't be removed
OADP-585 - OADP 1.0.3: CSI functionality is broken on OCP 4.11 due to missing v1beta1 API version
OADP-586 - registry deployment still exists on 1.1 build, and the registry pod gets recreated endlessly
OADP-592 - OADP must-gather add support for insecure tls
OADP-597 - BSL validation logs
OADP-598 - Data mover performance on backup blocks backup process
OADP-599 - [Data Mover] Datamover Restic secret cannot be configured per bsl
OADP-600 - Operator should validate volsync installation and raise warning if data mover is enabled
OADP-602 - Support GCP for openshift-velero-plugin registry
OADP-605 - [OCP 4.11] CSI restore fails with admission webhook "volumesnapshotclasses.snapshot.storage.k8s.io" denied
OADP-607 - DataMover: VSB is stuck on SnapshotBackupDone
OADP-610 - Data mover fails if a stale volumesnapshot exists in application namespace
OADP-613 - DataMover: upstream documentation refers wrong CRs
OADP-637 - Restic backup fails with CA certificate
OADP-643 - [Data Mover] VSB and VSR names are not unique
OADP-644 - VolumeSnapshotBackup and VolumeSnapshotRestore timeouts should be configurable
OADP-648 - Remove default limits for velero and restic pods
OADP-652 - Data mover VolSync pod errors with Noobaa
OADP-655 - DataMover: volsync-dst-vsr pod completes although not all items where restored in the namespace
OADP-660 - Data mover restic secret does not support Azure
OADP-698 - DataMover: volume-snapshot-mover pod points to upstream image
OADP-715 - Restic restore fails: restic-wait container continuously fails with "Not found: /restores/<pod-volume>/.velero/<restore-UID>"
OADP-716 - Incremental restore: second restore of a namespace partially fails
OADP-736 - Data mover VSB always fails with volsync 0.5

For the oldstable distribution (buster), this problem has been fixed in version 2.2.10-6+deb10u6.

For the stable distribution (bullseye), this problem has been fixed in version 2.3.3op2-3+deb11u2.

We recommend that you upgrade your cups packages.

For the detailed security status of cups please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/cups

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

==========================================================================
Ubuntu Security Notice USN-5454-2
May 31, 2022

cups vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. (CVE-2022-26691)

It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-8842, CVE-2020-10001)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM:
  cups 2.1.3-4ubuntu0.11+esm1

In general, a standard system update will make all the necessary changes.

Solution:

For OpenShift Container Platform 4.10 see the following documentation, which will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.4, see the following instructions to apply this update:

https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-2536 - Setting up ODF S3 for loki
LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated.
LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator
LOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `
LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http'
LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.
LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle.
LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image

6. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied

Trust: 2.43

sources: NVD: CVE-2022-26691 // JVNDB: JVNDB-2022-011787 // VULHUB: VHN-417360 // PACKETSTORM: 168351 // PACKETSTORM: 167510 // PACKETSTORM: 168228 // PACKETSTORM: 169349 // PACKETSTORM: 167338 // PACKETSTORM: 167845 // PACKETSTORM: 167512 // PACKETSTORM: 167514

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: eq, version: 10.15.7

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.6.5

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.15.7

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 36

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 35

Trust: 1.0

vendor: apple, model: cups, scope: lt, version: 499.4

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 11.0

Trust: 1.0

vendor: apple, model: macos, scope: gt, version: 12.0.0

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 11.0

Trust: 1.0

vendor: openprinting, model: cups, scope: lt, version: 2.4.2

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.15

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 12.3

Trust: 1.0

vendor: Apple, model: apple mac os x, scope: -, version: -

Trust: 0.8

vendor: fedora, model: fedora, scope: -, version: -

Trust: 0.8

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: Apple, model: macos, scope: -, version: -

Trust: 0.8

vendor: Apple, model: cups, scope: -, version: -

Trust: 0.8

vendor: openprinting, model: cups, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-26691
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-26691
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202205-4149
value: MEDIUM

Trust: 0.6

VULHUB: VHN-417360
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2022-26691
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-417360
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-26691
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-26691
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-417360 // CNNVD: CNNVD-202205-4149 // JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

PROBLEMTYPE DATA

problemtype:CWE-697

Trust: 1.0

problemtype:Inappropriate comparison (CWE-697) [NVD evaluation]

Trust: 0.8

problemtype:CWE-269

Trust: 0.1

sources: VULHUB: VHN-417360 // JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 169349 // CNNVD: CNNVD-202205-4149

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202205-4149

PATCH

title: HT213184 Apple Security update
url: https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html

Trust: 0.8

title: Apple macOS Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195379

Trust: 0.6

sources: CNNVD: CNNVD-202205-4149 // JVNDB: JVNDB-2022-011787

EXTERNAL IDS

db: NVD, id: CVE-2022-26691

Trust: 4.1

db: PACKETSTORM, id: 167514

Trust: 0.8

db: PACKETSTORM, id: 167338

Trust: 0.8

db: PACKETSTORM, id: 167845

Trust: 0.8

db: PACKETSTORM, id: 168228

Trust: 0.8

db: JVN, id: JVNVU91198149

Trust: 0.8

db: ICS CERT, id: ICSA-24-046-11

Trust: 0.8

db: JVNDB, id: JVNDB-2022-011787

Trust: 0.8

db: PACKETSTORM, id: 167332

Trust: 0.7

db: CS-HELP, id: SB2022053129

Trust: 0.6

db: CS-HELP, id: SB2022052626

Trust: 0.6

db: CS-HELP, id: SB2022053018

Trust: 0.6

db: CS-HELP, id: SB2022072010

Trust: 0.6

db: CS-HELP, id: SB2022070643

Trust: 0.6

db: CS-HELP, id: SB2022060108

Trust: 0.6

db: AUSCERT, id: ESB-2022.2675

Trust: 0.6

db: AUSCERT, id: ESB-2022.4324

Trust: 0.6

db: AUSCERT, id: ESB-2022.3977

Trust: 0.6

db: AUSCERT, id: ESB-2022.2609

Trust: 0.6

db: AUSCERT, id: ESB-2022.3236

Trust: 0.6

db: CNNVD, id: CNNVD-202205-4149

Trust: 0.6

db: PACKETSTORM, id: 167512

Trust: 0.2

db: PACKETSTORM, id: 167510

Trust: 0.2

db: PACKETSTORM, id: 167501

Trust: 0.1

db: PACKETSTORM, id: 167507

Trust: 0.1

db: VULHUB, id: VHN-417360

Trust: 0.1

db: PACKETSTORM, id: 168351

Trust: 0.1

db: PACKETSTORM, id: 169349

Trust: 0.1

sources: VULHUB: VHN-417360 // PACKETSTORM: 168351 // PACKETSTORM: 167510 // PACKETSTORM: 168228 // PACKETSTORM: 169349 // PACKETSTORM: 167338 // PACKETSTORM: 167845 // PACKETSTORM: 167512 // PACKETSTORM: 167514 // CNNVD: CNNVD-202205-4149 // JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

REFERENCES

url:https://www.debian.org/security/2022/dsa-5149

Trust: 1.7

url:https://github.com/openprinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444

Trust: 1.7

url:https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0026/mndt-2022-0026.md

Trust: 1.7

url:https://support.apple.com/en-us/ht213183

Trust: 1.7

url:https://support.apple.com/en-us/ht213184

Trust: 1.7

url:https://support.apple.com/en-us/ht213185

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-26691

Trust: 1.5

url:https://access.redhat.com/security/cve/cve-2022-26691

Trust: 1.2

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yqrit4h75xv6m42k7ztarwz7yllyqhpo/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kq6td7f3vritpehfdhzhk7mu6febmz5u/

Trust: 1.0

url:https://jvn.jp/vu/jvnvu91198149/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kq6td7f3vritpehfdhzhk7mu6febmz5u/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yqrit4h75xv6m42k7ztarwz7yllyqhpo/

Trust: 0.7

url:https://access.redhat.com/security/team/contact/

Trust: 0.6

url:https://bugzilla.redhat.com/

Trust: 0.6

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-26691/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022052626

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3977

Trust: 0.6

url:https://packetstormsecurity.com/files/167332/ubuntu-security-notice-usn-5454-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167845/red-hat-security-advisory-2022-5556-01.html

Trust: 0.6

url:https://packetstormsecurity.com/files/168228/red-hat-security-advisory-2022-6290-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb20220720108

Trust: 0.6

url:https://vigilance.fr/vulnerability/cups-privilege-escalation-via-local-authorization-certificate-strings-comparison-38451

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2609

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022060108

Trust: 0.6

url:https://packetstormsecurity.com/files/167338/ubuntu-security-notice-usn-5454-2.html

Trust: 0.6

url:https://packetstormsecurity.com/files/167514/red-hat-security-advisory-2022-4990-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022053018

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022070643

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.2675

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3236

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4324

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022053129

Trust: 0.6

url:https://access.redhat.com/articles/11258

Trust: 0.5

url:https://access.redhat.com/security/cve/cve-2022-25314

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-1271

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-40528

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-25313

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-25314

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2021-40528

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-25313

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-29824

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-1271

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-2097

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3634

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2068

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1292

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-21698

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1292

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30629

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1586

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2068

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2097

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32206

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1586

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32208

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3634

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-30631

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-24675

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-24675

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21698

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29154

Trust: 0.2

url:https://issues.jboss.org/

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-32148

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1962

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-30630

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1705

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2526

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1705

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6430

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2526

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1962

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5056

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-28327

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6290

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28327

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29154

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/cups

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5454-2

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5454-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8842

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27666

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27774

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1621

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2020-28915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-38561

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27782

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27782

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5556

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-28915

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-22576

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-1629

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27666

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-27774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-27776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1629

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1621

Trust: 0.1

url:https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-38561

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:5054

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:4990

Trust: 0.1

sources: VULHUB: VHN-417360 // PACKETSTORM: 168351 // PACKETSTORM: 167510 // PACKETSTORM: 168228 // PACKETSTORM: 169349 // PACKETSTORM: 167338 // PACKETSTORM: 167845 // PACKETSTORM: 167512 // PACKETSTORM: 167514 // CNNVD: CNNVD-202205-4149 // JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

CREDITS

Red Hat

Trust: 0.6

sources: PACKETSTORM: 168351 // PACKETSTORM: 167510 // PACKETSTORM: 168228 // PACKETSTORM: 167845 // PACKETSTORM: 167512 // PACKETSTORM: 167514

SOURCES

db: VULHUB, id: VHN-417360
db: PACKETSTORM, id: 168351
db: PACKETSTORM, id: 167510
db: PACKETSTORM, id: 168228
db: PACKETSTORM, id: 169349
db: PACKETSTORM, id: 167338
db: PACKETSTORM, id: 167845
db: PACKETSTORM, id: 167512
db: PACKETSTORM, id: 167514
db: CNNVD, id: CNNVD-202205-4149
db: JVNDB, id: JVNDB-2022-011787
db: NVD, id: CVE-2022-26691

LAST UPDATE DATE

2026-01-29T20:24:25.375000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-417360, date: 2022-10-19T00:00:00
db: CNNVD, id: CNNVD-202205-4149, date: 2022-09-02T00:00:00
db: JVNDB, id: JVNDB-2022-011787, date: 2024-02-19T06:47:00
db: NVD, id: CVE-2022-26691, date: 2024-11-21T06:54:19.673

SOURCES RELEASE DATE

db: VULHUB, id: VHN-417360, date: 2022-05-26T00:00:00
db: PACKETSTORM, id: 168351, date: 2022-09-13T15:41:58
db: PACKETSTORM, id: 167510, date: 2022-06-20T00:43:44
db: PACKETSTORM, id: 168228, date: 2022-09-01T16:34:06
db: PACKETSTORM, id: 169349, date: 2022-05-28T19:12:00
db: PACKETSTORM, id: 167338, date: 2022-06-01T17:06:37
db: PACKETSTORM, id: 167845, date: 2022-07-27T17:28:30
db: PACKETSTORM, id: 167512, date: 2022-06-20T00:45:59
db: PACKETSTORM, id: 167514, date: 2022-06-20T00:46:30
db: CNNVD, id: CNNVD-202205-4149, date: 2022-05-25T00:00:00
db: JVNDB, id: JVNDB-2022-011787, date: 2023-08-24T00:00:00
db: NVD, id: CVE-2022-26691, date: 2022-05-26T18:15:09.340