[3.6] cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)
A flaw was found in the CUPS printing server. Insufficient randomness
makes session cookies predictable, breaking CSRF protection.
References:
https://security-tracker.debian.org/tracker/CVE-2018-4700
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915909
Patch:
https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c (2.2.10)
(from redmine: issue id 9761, created on 2018-12-12, closed on 2019-02-19)
- Relations:
- parent #9757 (closed)
- Changesets:
- Revision 68360d67 on 2019-02-04T13:43:32Z:
main/cups: security upgrade to 2.2.10 (CVE-2018-4700)
Fixes #9761