-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.1777
                       cups-filters security update
                                8 July 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           cups-filters
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 7
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-3279 CVE-2015-3258 

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3303

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running cups-filters check for an updated version of the software 
         for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3303-1                   security@debian.org
https://www.debian.org/security/                       Alessandro Ghedini
July 07, 2015                         https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : cups-filters
CVE ID         : CVE-2015-3258 CVE-2015-3279

It was discovered that the texttopdf utility, part of cups-filters, was
susceptible to multiple heap-based buffer overflows due to improper
handling of print jobs with a specially crafted line size. This could
allow remote attackers to crash texttopdf or possibly execute arbitrary
code.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.0.18-2.1+deb7u2.

For the stable distribution (jessie), these problems have been fixed in
version 1.0.61-5+deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.71-1.

We recommend that you upgrade your cups-filters packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----