[3.9] cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)
A flaw was found in the CUPS printing server. Insufficient randomness makes
session cookies predictable, breaking CSRF protection.
References:
https://security-tracker.debian.org/tracker/CVE-2018-4700
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915909
Patch:
https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c (2.2.10)
(from redmine: issue id 9758, created on 2018-12-12, closed on 2019-02-19)
- Relations:
- parent #9757 (closed)