Details of VAR-202205-1953

ID

VAR-202205-1953

CVE

CVE-2022-26691

TITLE

macOS Improper Comparison Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-011787

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. macOS contains an improper comparison vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This security vulnerability occurs when local authorization happens. This flaw allows an malicious user to authenticate to CUPS as root/admin without the 32-byte secret key and perform arbitrary code execution. (CVE-2022-26691). Summary: OpenShift API for Data Protection (OADP) 1.0.4 is now available. Description: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Bugs fixed (https://bugzilla.redhat.com/): 2045880 - CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter 2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working 5. Bug Fix(es): * 30-second delays printing to Windows 2016 server via HTTPS (BZ#2073531) 4. For the oldstable distribution (buster), this problem has been fixed in version 2.2.10-6+deb10u6. For the stable distribution (bullseye), this problem has been fixed in version 2.3.3op2-3+deb11u2. We recommend that you upgrade your cups packages. For the detailed security status of cups please refer to its security tracker page at: https://security-tracker.debian.org/tracker/cups Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmKP0LQACgkQEMKTtsN8 TjazShAAuLbe1vQOBAX5nUuVTW4fk96gzx899Aep8Wl4AWFmLRSWzdpPVeIEuWei wgQycz4YFzKNr+FeCBIx5ZwnmddPd30RYFQjgkUg/UbFD2z3yifT5M3OQRpgsE4+ EWGPR8V2vZEw+20H22ZhtXGzPiwM+czt120v2mBX2Zf2xOtPLAFtVcLJN5PJsgfO hEgHn5zUwumqYEzD7kZNgT98eHtrUvwO3nCveOXWzR4dMD/KgMmCGQIQi+dawEef JJNRgvqIgb2sqxxYPHlq/IHQ5H7/NeYfqsHZxf2sRcRRu3XVYql4wMOiegZRk3xz +inf0V4GbVBiMfjDJYv3WnsGzm7W4I6rMTfhSq783yXSh6AUt2l/u6xoc7ca6vvd lTk5l/9ZhsFxzWdAgUA7ceqmciXCE+yTGaRDw4yP05Vp4cTBKggOz7dws5t75ixH /JHwyVQ72AtFiMkMgRjKv8+zP0FbWiOrS3EDyvCjP3vx69dXie2Z1/HvGtoaFY4f HgjAbq2i+f8umwYvcf8cdErjRz9CIX09+TuX/J/M1D8X5TNw4KRx3DChca+o94+Q ZNznkpoCnMVfmUe83P8PgcGLMD0hGai5AnjlroDJyvZn3aD84PVLdDY35wnR/6eq DyB81widY5C9SURR/CUWXx2F1NaWLmAsQbLttlFLwzVqUTf76j8= =jd0o -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: cups security update Advisory ID: RHSA-2022:5055-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5055 Issue date: 2022-06-15 CVE Names: CVE-2022-26691 ===================================================================== 1. Summary: An update for cups is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: authorization bypass when using "local" authorization (CVE-2022-26691) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the cupsd service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2084321 - CVE-2022-26691 cups: authorization bypass when using "local" authorization 6. Package List: Red Hat Enterprise Linux AppStream EUS (v. 8.2): aarch64: cups-2.2.6-33.el8_2.1.aarch64.rpm cups-client-2.2.6-33.el8_2.1.aarch64.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm cups-devel-2.2.6-33.el8_2.1.aarch64.rpm cups-ipptool-2.2.6-33.el8_2.1.aarch64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-lpd-2.2.6-33.el8_2.1.aarch64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm noarch: cups-filesystem-2.2.6-33.el8_2.1.noarch.rpm ppc64le: cups-2.2.6-33.el8_2.1.ppc64le.rpm cups-client-2.2.6-33.el8_2.1.ppc64le.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm cups-devel-2.2.6-33.el8_2.1.ppc64le.rpm cups-ipptool-2.2.6-33.el8_2.1.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-lpd-2.2.6-33.el8_2.1.ppc64le.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm s390x: cups-2.2.6-33.el8_2.1.s390x.rpm cups-client-2.2.6-33.el8_2.1.s390x.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debugsource-2.2.6-33.el8_2.1.s390x.rpm cups-devel-2.2.6-33.el8_2.1.s390x.rpm cups-ipptool-2.2.6-33.el8_2.1.s390x.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-lpd-2.2.6-33.el8_2.1.s390x.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm x86_64: cups-2.2.6-33.el8_2.1.x86_64.rpm cups-client-2.2.6-33.el8_2.1.x86_64.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debugsource-2.2.6-33.el8_2.1.i686.rpm cups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm cups-devel-2.2.6-33.el8_2.1.i686.rpm cups-devel-2.2.6-33.el8_2.1.x86_64.rpm cups-ipptool-2.2.6-33.el8_2.1.x86_64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-lpd-2.2.6-33.el8_2.1.x86_64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm Red Hat Enterprise Linux BaseOS EUS (v. 8.2): Source: cups-2.2.6-33.el8_2.1.src.rpm aarch64: cups-client-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-debugsource-2.2.6-33.el8_2.1.aarch64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-libs-2.2.6-33.el8_2.1.aarch64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.aarch64.rpm ppc64le: cups-client-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-debugsource-2.2.6-33.el8_2.1.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-libs-2.2.6-33.el8_2.1.ppc64le.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.ppc64le.rpm s390x: cups-client-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-debugsource-2.2.6-33.el8_2.1.s390x.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-libs-2.2.6-33.el8_2.1.s390x.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.s390x.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.s390x.rpm x86_64: cups-client-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-client-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-debugsource-2.2.6-33.el8_2.1.i686.rpm cups-debugsource-2.2.6-33.el8_2.1.x86_64.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-ipptool-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-libs-2.2.6-33.el8_2.1.i686.rpm cups-libs-2.2.6-33.el8_2.1.x86_64.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-libs-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.i686.rpm cups-lpd-debuginfo-2.2.6-33.el8_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-26691 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYqod1tzjgjWX9erEAQhBKg//SHPCnzKfy01h9CMuvhjLi8tAwiOYOU9x tB+OQpJ979g2FAN6AWwCSesQzkpoOpLF9A/2QFnQsl33uWkVZmV32rniZ2BQ/FBj FDtU69ysQwSBgeySu6J+N34o1Wel78YagmTgPgIFCpT5GXL+/aGuSswq5WAqe41Y 7k5flG0z6zDD108RNG7vUg0B2CPZkQkK18jj/OPUQtWlDA3S5RDGkDzX8onBNO1z 7uKz6CtqCNVvd+J6XlgXq3hjGYKEs2+kic4Z5ezRGER3U7C9IfS0ZmZlCjr5jVSc UXghrbjFV0aKSZtwzPNhW/smfCXyqwQ7TtaGfRqzsoU4AvvmUEPYStnNw5P1CYq8 1itaxdM0wSl+D2OcU8SGTMFgnMZBfHy79gopq7JPtcc5hx0gCyOt1M7N/0HmEBt7 Oqj79IGh/Ok7OUbwwi5lNyOGBBl4M8KhNvHav5Y7loCP9usOhTAW/hFfRyasNnHD 6DZVa+Cg1QN40O+T5UtMNTCpirAtIrQncjpjO3p0ZwCzR3a2yNJ+jMfGfpfN1Oif OlJWvwryUeSSRmX3H0afKn2IANG4qWMsrOesca3a0T+Cnw8AdFqfNEI5H0WDHpPo 0K3jTAFGEPzpQAsmv/ENRah5+xMHvvzguX0Y876jNHeudoJBb+/bQtLbo9ZUR+Cp CIexjs+IfbE= =BOLW -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. ========================================================================== Ubuntu Security Notice USN-5454-1 May 31, 2022 cups vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 21.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in CUPS. Software Description: - cups: Common UNIX Printing System(tm) Details: Joshua Mason discovered that CUPS incorrectly handled the secret key used to access the administrative web interface. A remote attacker could possibly use this issue to open a session as an administrator and execute arbitrary code. (CVE-2022-26691) It was discovered that CUPS incorrectly handled certain memory operations when handling IPP printing. A remote attacker could possibly use this issue to cause CUPS to crash, leading to a denial of service, or obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-8842, CVE-2020-10001) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: cups 2.4.1op1-1ubuntu4.1 Ubuntu 21.10: cups 2.3.3op2-7ubuntu2.1 Ubuntu 20.04 LTS: cups 2.3.1-9ubuntu1.2 Ubuntu 18.04 LTS: cups 2.2.7-1ubuntu2.9 In general, a standard system update will make all the necessary changes

Trust: 2.34

sources: NVD: CVE-2022-26691 // JVNDB: JVNDB-2022-011787 // VULHUB: VHN-417360 // VULMON: CVE-2022-26691 // PACKETSTORM: 168351 // PACKETSTORM: 167510 // PACKETSTORM: 169349 // PACKETSTORM: 167501 // PACKETSTORM: 167514 // PACKETSTORM: 167332

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.6.5	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.15.7	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	36	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	apple	model:	cups	scope:	lt	version:	499.4	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	gt	version:	12.0.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	openprinting	model:	cups	scope:	lt	version:	2.4.2	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.3	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	cups	scope:	-	version:	-	Trust: 0.8
vendor:	openprinting	model:	cups	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-26691
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-26691
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202205-4149
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-417360
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-26691
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-26691
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-417360
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-26691
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-26691
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-417360 // VULMON: CVE-2022-26691 // CNNVD: CNNVD-202205-4149 // JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

PROBLEMTYPE DATA

problemtype:	CWE-697	Trust: 1.0
problemtype:	Inappropriate comparison (CWE-697) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-269	Trust: 0.1

sources: VULHUB: VHN-417360 // JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

THREAT TYPE

local

Trust: 0.7

sources: PACKETSTORM: 169349 // CNNVD: CNNVD-202205-4149

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202205-4149

PATCH

title:	HT213184 Apple Security update	url:	https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html	Trust: 0.8
title:	Apple macOS Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=195379	Trust: 0.6
title:	Debian CVElist Bug Report Logs: cups: CVE-2022-26691: authorization bypass when using "local" authorization	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=4083971026961f67214911abf1061c00	Trust: 0.1
title:	Debian Security Advisories: DSA-5149-1 cups -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=5c3e2a8a674123f96fd928688add2133	Trust: 0.1
title:	Red Hat: Important: cups security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225057 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: cups security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225055 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: cups security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225056 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: cups security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225054 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: cups security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20224990 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: USN-5454-2: CUPS vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5454-2	Trust: 0.1
title:	Ubuntu Security Notice: USN-5454-1: CUPS vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-5454-1	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-108	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-108	Trust: 0.1
title:	Amazon Linux 2022: ALAS2022-2022-203	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022&qid=ALAS2022-2022-203	Trust: 0.1
title:	Red Hat: Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225556 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226290 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20226430 - Security Advisory	Trust: 0.1
title:	Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225483 - Security Advisory	Trust: 0.1
title:	Red Hat: Important: OpenShift Container Platform 4.11.0 bug fix and security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20225069 - Security Advisory	Trust: 0.1

sources: VULMON: CVE-2022-26691 // CNNVD: CNNVD-202205-4149 // JVNDB: JVNDB-2022-011787

EXTERNAL IDS

db:	NVD	id:	CVE-2022-26691	Trust: 4.0
db:	ICS CERT	id:	ICSA-24-046-11	Trust: 0.9
db:	PACKETSTORM	id:	167514	Trust: 0.8
db:	PACKETSTORM	id:	167332	Trust: 0.8
db:	JVN	id:	JVNVU91198149	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-011787	Trust: 0.8
db:	PACKETSTORM	id:	167338	Trust: 0.7
db:	PACKETSTORM	id:	167845	Trust: 0.7
db:	PACKETSTORM	id:	168228	Trust: 0.7
db:	CS-HELP	id:	SB2022053129	Trust: 0.6
db:	CS-HELP	id:	SB2022052626	Trust: 0.6
db:	CS-HELP	id:	SB2022053018	Trust: 0.6
db:	CS-HELP	id:	SB2022072010	Trust: 0.6
db:	CS-HELP	id:	SB2022070643	Trust: 0.6
db:	CS-HELP	id:	SB2022060108	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2675	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.4324	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3977	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.2609	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.3236	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-4149	Trust: 0.6
db:	PACKETSTORM	id:	167501	Trust: 0.2
db:	PACKETSTORM	id:	167510	Trust: 0.2
db:	PACKETSTORM	id:	167512	Trust: 0.1
db:	PACKETSTORM	id:	167507	Trust: 0.1
db:	VULHUB	id:	VHN-417360	Trust: 0.1
db:	VULMON	id:	CVE-2022-26691	Trust: 0.1
db:	PACKETSTORM	id:	168351	Trust: 0.1
db:	PACKETSTORM	id:	169349	Trust: 0.1

sources: VULHUB: VHN-417360 // VULMON: CVE-2022-26691 // PACKETSTORM: 168351 // PACKETSTORM: 167510 // PACKETSTORM: 169349 // PACKETSTORM: 167501 // PACKETSTORM: 167514 // PACKETSTORM: 167332 // CNNVD: CNNVD-202205-4149 // JVNDB: JVNDB-2022-011787 // NVD: CVE-2022-26691

REFERENCES

url:	https://www.debian.org/security/2022/dsa-5149	Trust: 1.9
url:	https://github.com/openprinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444	Trust: 1.8
url:	https://github.com/mandiant/vulnerability-disclosures/blob/master/2022/mndt-2022-0026/mndt-2022-0026.md	Trust: 1.8
url:	https://support.apple.com/en-us/ht213183	Trust: 1.8
url:	https://support.apple.com/en-us/ht213184	Trust: 1.8
url:	https://support.apple.com/en-us/ht213185	Trust: 1.8
url:	https://lists.debian.org/debian-lts-announce/2022/05/msg00039.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26691	Trust: 1.3
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/kq6td7f3vritpehfdhzhk7mu6febmz5u/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yqrit4h75xv6m42k7ztarwz7yllyqhpo/	Trust: 1.1
url:	https://access.redhat.com/security/cve/cve-2022-26691	Trust: 1.0
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-046-11	Trust: 0.9
url:	https://jvn.jp/vu/jvnvu91198149/index.html	Trust: 0.8
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/kq6td7f3vritpehfdhzhk7mu6febmz5u/	Trust: 0.7
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/yqrit4h75xv6m42k7ztarwz7yllyqhpo/	Trust: 0.7
url:	https://cxsecurity.com/cveshow/cve-2022-26691/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022052626	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3977	Trust: 0.6
url:	https://packetstormsecurity.com/files/167332/ubuntu-security-notice-usn-5454-1.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167845/red-hat-security-advisory-2022-5556-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/168228/red-hat-security-advisory-2022-6290-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb20220720108	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cups-privilege-escalation-via-local-authorization-certificate-strings-comparison-38451	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2609	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022060108	Trust: 0.6
url:	https://packetstormsecurity.com/files/167338/ubuntu-security-notice-usn-5454-2.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/167514/red-hat-security-advisory-2022-4990-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022053018	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022070643	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.2675	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.3236	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4324	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022053129	Trust: 0.6
url:	https://access.redhat.com/articles/11258	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/697.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1011769	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5454-2	Trust: 0.1
url:	https://alas.aws.amazon.com/al2022/alas-2022-108.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2097	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3634	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25314	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1292	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-32148	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1962	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30630	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-21698	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1292	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30629	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1586	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2068	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2097	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1271	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40528	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-32206	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-25313	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1586	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-2526	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-32208	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25314	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3634	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-40528	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-1705	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-30631	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-24675	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:6430	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-24675	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25313	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21698	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-2526	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-29824	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1271	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-29154	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2022-1962	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:5056	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/cups	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:5055	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2022:4990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8842	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.9	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5454-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/2.3.3op2-7ubuntu2.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.1	Trust: 0.1

CREDITS

Red Hat

Trust: 0.4

sources: PACKETSTORM: 168351 // PACKETSTORM: 167510 // PACKETSTORM: 167501 // PACKETSTORM: 167514

SOURCES

db:	VULHUB	id:	VHN-417360
db:	VULMON	id:	CVE-2022-26691
db:	PACKETSTORM	id:	168351
db:	PACKETSTORM	id:	167510
db:	PACKETSTORM	id:	169349
db:	PACKETSTORM	id:	167501
db:	PACKETSTORM	id:	167514
db:	PACKETSTORM	id:	167332
db:	CNNVD	id:	CNNVD-202205-4149
db:	JVNDB	id:	JVNDB-2022-011787
db:	NVD	id:	CVE-2022-26691

LAST UPDATE DATE

2026-02-06T20:26:10.655000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-417360	date:	2022-10-19T00:00:00
db:	VULMON	id:	CVE-2022-26691	date:	2023-11-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-4149	date:	2022-09-02T00:00:00
db:	JVNDB	id:	JVNDB-2022-011787	date:	2024-02-19T06:47:00
db:	NVD	id:	CVE-2022-26691	date:	2024-11-21T06:54:19.673

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-417360	date:	2022-05-26T00:00:00
db:	VULMON	id:	CVE-2022-26691	date:	2022-05-26T00:00:00
db:	PACKETSTORM	id:	168351	date:	2022-09-13T15:41:58
db:	PACKETSTORM	id:	167510	date:	2022-06-20T00:43:44
db:	PACKETSTORM	id:	169349	date:	2022-05-28T19:12:00
db:	PACKETSTORM	id:	167501	date:	2022-06-20T00:29:28
db:	PACKETSTORM	id:	167514	date:	2022-06-20T00:46:30
db:	PACKETSTORM	id:	167332	date:	2022-05-31T17:25:20
db:	CNNVD	id:	CNNVD-202205-4149	date:	2022-05-25T00:00:00
db:	JVNDB	id:	JVNDB-2022-011787	date:	2023-08-24T00:00:00
db:	NVD	id:	CVE-2022-26691	date:	2022-05-26T18:15:09.340