cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)
A flaw was found in the CUPS printing server. Insufficient randomness makes session cookies predictable, breaking CSRF protection.
References:
https://security-tracker.debian.org/tracker/CVE-2018-4700
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915909
Patch:
https://github.com/apple/cups/commit/feb4c62b211bfbd78dc10d737d873439ccdfa58c (2.2.10)
(from redmine: issue id 9757, created on 2018-12-12, closed on 2019-02-19)
- Relations:
- child #9758 (closed)
- child #9759 (closed)
- child #9760 (closed)
- child #9761 (closed)
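
The failure mode described in this issue, as an added illustration (not CUPS code and not taken from the linked patch): a token derived from a guessable seed is a pure function of that seed, while a token read from the kernel CSPRNG is not. The function names weak_token and strong_token, the 16-byte token length, and the seed value are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TOKEN_BYTES 16
#define TOKEN_HEX (TOKEN_BYTES * 2 + 1)

static void to_hex(const unsigned char *in, size_t n, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < n; i++) {
        out[2 * i] = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 15];
    }
    out[2 * n] = '\0';
}

/* WEAK (hypothetical, not CUPS code): the token is a pure function of a
 * small, guessable seed such as a start-up timestamp. */
void weak_token(unsigned int seed, char *out)
{
    unsigned char buf[TOKEN_BYTES];
    srand(seed);
    for (size_t i = 0; i < TOKEN_BYTES; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
    to_hex(buf, TOKEN_BYTES, out);
}

/* HARDENED: bytes come from the kernel CSPRNG; fail closed on any error. */
int strong_token(char *out)
{
    unsigned char buf[TOKEN_BYTES];
    FILE *fp = fopen("/dev/urandom", "rb");
    size_t got = fp ? fread(buf, 1, TOKEN_BYTES, fp) : 0;
    if (fp) fclose(fp);
    if (got != TOKEN_BYTES)
        return -1;
    to_hex(buf, TOKEN_BYTES, out);
    return 0;
}

int main(void)
{
    char a[TOKEN_HEX], b[TOKEN_HEX], c[TOKEN_HEX], d[TOKEN_HEX];
    weak_token(1544572800u, a); /* constructed seed value */
    weak_token(1544572800u, b);
    if (strong_token(c) != 0 || strong_token(d) != 0)
        return 1;
    printf("weak repeats: %d, strong repeats: %d\n", !strcmp(a, b), !strcmp(c, d));
    return 0;
}
```

A server that cannot obtain random bytes should refuse to issue a token rather than fall back to the seeded generator.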