The sandbox profile dynamically generated by cupsdCreateProfile() unintentionally allows write access to /etc/cups. This can be used by an attacker that has obtained sandboxed root access to alter /etc/cups/cups-files.conf, leading to unsandboxed root code execution.
Created cups tracking bugs for this issue:
Affects: fedora-all [bug 1607293]
Fedora and RHEL are not affected by this flaw since Sandbox feature is not enabled on Linux.
This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux as cups on Linux does not support the Sandbox feature.