Release CUPS 2.4.17

Author: zdohnal

_posts/2026-04-17-cups-2.4.17.md

@@ -0,0 +1,31 @@
+---
+title: CUPS 2.4.17
+layout: single
+author: Zdenek
+excerpt: CUPS 2.4.17 release includes fixes for 8 vulnerabilities
+---
+
+The new release 2.4.17 contains the following security fixes:
+
+- CVE-2026-27447: The scheduler treated local user and group names as case-
+  insensitive.
+- CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS 
+  directory.
+- CVE-2026-34980: The scheduler did not filter control characters from option
+  values.
+- CVE-2026-34979: The scheduler did not always allocate enough memory for a
+  job's options string.
+- CVE-2026-34990: The scheduler incorrectly allowed local certificates over the 
+  loopback interface.
+- CVE-2026-39314: Fixed the range check for job password strings.
+- CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
+- CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
+
+where the last CVE number is requested from Github for several days now, the number will be corrected once we have one, but we decided to make a release to share the other fixes.
+
+The release includes other fixes as well, listed in CHANGES.md.
+
+Enjoy!
+
+* <a href="https://github.com/OpenPrinting/cups/releases/tag/v2.4.17" itemprop="sameAs" rel="nofollow noopener noreferrer"><i class="fas fa-fw fa-download" aria-hidden="true"></i>Download v2.4.17</a>
+