| Package | cups |
|---|---|
| Version | 2.2.1-8+deb9u13 (stretch), 2.2.10-6+deb10u12 (buster) |
| Related CVEs | CVE-2025-58060 CVE-2025-58364 |
Two vulnerabilities were discovered in cups, the Common UNIX Printing System, which may result in authentication bypass with AuthType Negotiate or in denial of service (daemon crash).
For Debian 10 buster, these problems have been fixed in version 2.2.10-6+deb10u12.
For Debian 9 stretch, these problems have been fixed in version 2.2.1-8+deb9u13.
We recommend that you upgrade your cups packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.