Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2015.1777 cups-filters security update 8 July 2015 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: cups-filters Publisher: Debian Operating System: Debian GNU/Linux 8 Debian GNU/Linux 7 UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2015-3279 CVE-2015-3258 Original Bulletin: http://www.debian.org/security/2015/dsa-3303 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running cups-filters check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3303-1 security@debian.org https://www.debian.org/security/ Alessandro Ghedini July 07, 2015 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : cups-filters CVE ID : CVE-2015-3258 CVE-2015-3279 It was discovered that the texttopdf utility, part of cups-filters, was susceptible to multiple heap-based buffer overflows due to improper handling of print jobs with a specially crafted line size. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code. For the oldstable distribution (wheezy), these problems have been fixed in version 1.0.18-2.1+deb7u2. For the stable distribution (jessie), these problems have been fixed in version 1.0.61-5+deb8u1. For the unstable distribution (sid), these problems have been fixed in version 1.0.71-1. We recommend that you upgrade your cups-filters packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVm9TTAAoJEK+lG9bN5XPLZJkP/R25tt3P21nto9xxDdMn/FiJ W4qxb4vgLuFWx0gFosIAuPeGh1dtLx9xGc0IFuNO3dxd/+LTokQvvW9H9tW8Yr+O kYiYn80ba9GouH/fbT+Fx3q+2+JdBYTDCPAxSI6t+YiXNUzV/QzQbq3eMvG0zhHd njQTnHJSjfH1Vv6uF75r7CZi8RRH/4Lqyf1nHkjol8AVYf8nG8uGi3WepyALd5RO DyuturfzIqAI6P+cAp9xvble2Cqza7gUSed0brFx2Xme+i25lGswq5nraDJ7r2l9 T9GyeMBwrw44QePvYqinIgK2CUKRPBu1qwyZ0uNwR3LrMYg8ePWODVHTIY9J//NA 5rdcY63Z7C+6/L+n2li9wW07ixD6tGWC3RnJ0JOrgyte9kEsTYWFDX0ISDm5XTFE yJ2t87MjR0kE5YqPML4fgovvfVdjvTaCuy4/DygIykn301wNeeXWf27l3XIsXrxs tOo2JVJWPXYJvmRMuVYe7wVrftsnBm/w7LeYQiL9incNeaxOeYueSB9vLD27HXlD Vtw4KKMMZXHkZ/VV8kxuPdkgkLhCyJSSm5uxY9l2hgTgjxo+ywVthx71NBUPlEvm t+nYi80m3zAuGCbBzbkrjL+ZqSajyBnGJhXIj0wY8XrFaEiORGKV5O4VLlkmgHyv 1cf0zofYYwbqOgzrX8w5 =iIn9 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVZxk7X6ZAP0PgtI9AQKfvQ//TDq/fc2QL6dB75Bf7dOX6VRzuBawRmgs aJFmzTEv4krxTEqkwLQ3t8loRbYhbyycEe4B5o1AvvXFLy2+hpidMdDR6INct3kj B4MyEWiqJlNnM8WZXrw7j/DOu7lZ0WsjFy7vBDk1t10j/qwDuxpWppI4kyNa8agk a+KbKDEA/otVGVWIo2kypQ3zFBRn+SbhwcM8IUOBHIDJPDtRh8o81bHKMvBfr8dy dKVnDVDl4dj9m5U1tJk6C62eYSFVUwCdcUUA+EQMaWPVRQDnLrHQHaZHi9Cyc+4W fRwrglibFXXKKGJUoFiWqMc4tFRq403aYsc6mIm677A2xJsGXNaATQwGDmeWHY+D UuD12mLlXo+ywwuxynXK++WK6ANDNYOSPGe5ANJP/tr7auVxThAVkoUlA4faMh1f s+gv+IEHJWF9rleH3l4xFu+w99nGCA+vi372LSFjuGkLt6RqiUGt78g27BF55ufj UHlbuamnSUcMRTDcR12VIVI1ScBkCOYhUrfm5PzbLnBtMXG+pV/8S59cYj3pA5sJ H3CaR5Ayf4RDuMhOMO/rZrWRbNX/IIzJhuKJGNIRds4HcEyVyocFAzv1TjrWptMI uDmKy8+3ORZFUa6eLXBFQ0/doZumjCVIJdlnwBBZYzJxUjnFX7sg3eCChfjZ8AfH 2iC3n04fjxs= =8bpp -----END PGP SIGNATURE-----