-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3147
                       cups-filters security update
                             16 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           cups-filters
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-8560  

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3419

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running cups-filters check for an updated version of the software 
         for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3419-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 15, 2015                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : cups-filters
CVE ID         : CVE-2015-8560
Debian Bug     : 807930

Adam Chester discovered that missing input sanitising in the
foomatic-rip print filter might result in the execution of arbitrary
commands.

For the stable distribution (jessie), this problem has been fixed in
version 1.0.61-5+deb8u3.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.0-1.

We recommend that you upgrade your cups-filters packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJWcEkkAAoJEAVMuPMTQ89EB7QP/Rg3zx17xwfl08PAA1zDTzYm
uHz1oCPKn7ILIOoWGpAAqJykJOGTEOYh8E5HyTS5QqPjFBIX/DAgiaxgqpNjTG19
SOSbRdNrUFDdmHzBT3nB8Z7aGwpLXQxukPeXy0dA/pYUmfxqqDfpQUvwWhlOpSn4
X6Kk1aeloJL4FxrcldAr8oSUFsrBw5VtuOeP5yAwOQAT7J1iby2mqUddhKYXERIe
Z+I/GtmCrZ8KvJ5L62Wo+Wfg0BcAHsW472TOxXusq+kJf56ndiJL2G4H0q/n9wNj
cq5XVLLH1jKa32MaumAK69EHDPEVhPleRUDKyQhJvyN790jWehuEkHm0gdoE53mC
fM2ZHubfOMLZNnwly6W44r4Q7Bau+PqrK/kPqtWkP0KyaFGnqSBce5W4ResNzLCa
XGLt5CyrAszwa6VYVpWw8DMYi3S0WmYoe7yttCaBydtX9vJkAwEytJ7mZCbEiYT5
Lm3fB5EBufzhUBRqZq79x5TVM7nerMQoRRxJjL+FMpIF4+o9wP0ePvAZzvdzhLsi
9ji7tObNh3TcACsFQWBhU0AVajTDzu3SGJ1KyGa618VpvFqe9gpcdNnEYHRxHQAq
Fvhz1RDfJoP4KbR8ISzqvPYDbakxRQswW+eROmNwapukyxI4W7V8txq/NJcW2+aS
36Jd2TO/UQQMozIdB1EU
=GdJY
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVnDTln6ZAP0PgtI9AQJ/fBAAnWJryQAAtpj2FsyN/BOSSRI4m0JjppNZ
UCmdsCe+PZ5GyCitgulW854JS3jnFqFqoqZ321AvtI2QSfeikaP8lkIetlKFy1rp
c1WofI/e3gnbzR/DjcdLeR6iIMk9azyCKowT95N0uFtgcyCedLsAun9nqbvTEaVc
qOoc1zUm927Ts686k+B+aN9YM3FUvcYGee2+R/Vx/KL9r96/wMsRo714OjjCg5/c
YmQ11+PFYO2mmQa6jQUt9n26Cutd7PrvC43rDOsJ2xzrGQ0Kmi0pL2GOXDltdqUN
BoOyTuUaLyvw2u5TfEiRUKmGeUWKrHtjNA8/QOcJMHVoKKG74wBTxHx2v0mrARVX
B2nbr47zeH7nPmnZn0kXkn7WXyMUUZnH2z2CaQ+h+e5Z7pdlsNYJlXpJ5LBnKLdU
u65H+Z/loHFr0bMTo8LIUkxai66Zp9axlkf9t4Jek6UN0JA5m1TSAAd3slCnFPU1
8Lye+X/j04ITIudV/qdw7HKTjxgsBoGLQ8MO012s6PcWiD2uI1yIgS9yE1/FFDuy
cegpXuHXJayMFlBOqTvfc61+uBt3q4U1M4iaD2OETTFfv0PXB5voDQByg7VbGp8R
ebazNH0Z9cLpMF8WhMg1NzTSv9FyQj2w+7rSf+SMo69jz0dF8rsojJO9aZ/3ftjD
Mz2xh7YtlRQ=
=JxGk
-----END PGP SIGNATURE-----