Errata overview
Errata ID 431
Date 2019-02-27
Source package cups
Fixed in version 2.2.1-8+deb9u3A~
This update addresses the following issues:
* Invalid usernames handled in scheduler/ipp.c:add_job() allow remote
  attackers to cause a denial of service (CVE-2017-18248)
* Predictable session cookie breaks CSRF protection (CVE-2018-4700)
Additional notes
CVE ID CVE-2017-18248
UCS Bug number #48772