Errata overview
Errata ID 46
Date 2018-05-16
Source package cups
Fixed in version 2.2.1-8+deb9u1A~
This update addresses the following issue:
* CVE-2017-18190: Prevent an issue where remote attackers could execute
  arbitrary IPP commands by sending POST requests to the CUPS daemon in
  conjunction with DNS rebinding. This was caused by a whitelisted
  "localhost.localdomain" entry.
Additional notes
CVE ID CVE-2017-18190
UCS Bug number #46625