Jann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root which can be used to elevate privileges. This update splits the configuration file /etc/cups/cupsd.conf into two files: cupsd.conf and cups-files.conf. While t ...