Errata overview
Errata ID 443
Date 2018-08-15
Source package cups
Fixed in version 1.7.5-11+deb8u4A~
This update addresses the following issues:
* Invalid usernames handled in scheduler/ipp.c:add_job() allow remote
  attackers to cause a denial of service (CVE-2017-18248)
* Local privilege escalation to root due to insecure environment variable
  handling (CVE-2018-4180)
* Manipulation of cupsd.conf by a local attacker resulting in limited reads
  of arbitrary files as root (CVE-2018-4181)
* AppArmor cupsd Sandbox Bypass Due to Use of Hard Links (CVE-2018-6553)
Additional notes
CVE ID CVE-2017-18248
UCS Bug number #47570