{"affected":[{"ecosystem_specific":{"binaries":[{"cups":"2.2.7-3.6.1","cups-client":"2.2.7-3.6.1","cups-config":"2.2.7-3.6.1","cups-devel":"2.2.7-3.6.1","libcups2":"2.2.7-3.6.1","libcupscgi1":"2.2.7-3.6.1","libcupsimage2":"2.2.7-3.6.1","libcupsmime1":"2.2.7-3.6.1","libcupsppdc1":"2.2.7-3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15","name":"cups","purl":"pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.7-3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libcups2-32bit":"2.2.7-3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Desktop Applications 15","name":"cups","purl":"pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.7-3.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cups-ddk":"2.2.7-3.6.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Development Tools 15","name":"cups","purl":"pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.2.7-3.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cups fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2018-4700: Fixed extremely predictable cookie generation that is effectively breaking the CSRF protection of the CUPS web interface (bsc#1115750).\n","id":"SUSE-SU-2018:4059-1","modified":"2018-12-10T07:07:50Z","published":"2018-12-10T07:07:50Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20184059-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115750"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-4700"}],"related":["CVE-2018-4700"],"summary":"Security update for cups","upstream":["CVE-2018-4700"]}