Bug 553836 (CVE-2015-3279) - <net-print/cups-filters-1.0.71: Incorrect fix for heap-based buffer overflow (CVE-2015-3279)
Status: RESOLVED FIXED
Alias: CVE-2015-3279
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://seclists.org/oss-sec/2015/q3/18
Whiteboard: B2 [glsa cve]
Reported: 2015-07-03 10:01 UTC by Kristian Fiskerstrand (RETIRED)
Modified: 2015-10-31 15:35 UTC
Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-07-03 10:01:57 UTC
From ${URL}:
Hi,

Even with the patch for CVE-2015-3258 in version 1.0.70 it was possible
to trigger an integer overflow leading to a heap-based buffer overflow
using the same vector (specially crafted line sizes).

The integer overflow has been assigned CVE-2015-3279 and is fixed in
version 1.0.71. Apart from that, the patch also hardens against
possible crashes due to missing calloc() success checks.

Patch:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365

Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1238990
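The bug class described in this report, as an added example that is not code from cups-filters or from the reporter: a buffer size computed from untrusted page dimensions wraps in 32-bit arithmetic, shown next to an allocator that bounds the product by division and checks every calloc(). The names cell_t, MAX_CELLS, unchecked_request, grid_alloc and grid_free are hypothetical, and the cap is an assumed policy value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cell type: one character of a text page plus attributes. */
typedef struct { uint16_t ch; uint16_t attr; } cell_t;

/* Assumed policy limit on cells per page; it also keeps every byte count
 * far below SIZE_MAX, so no later multiplication can wrap. */
#define MAX_CELLS (1u << 24)

/* Unsafe pattern: the 32-bit product wraps, so the request is far smaller
 * than columns * lines cells. Returns the byte count that would be asked. */
size_t unchecked_request(uint32_t columns, uint32_t lines)
{
    uint32_t cells = columns * lines;          /* wraps modulo 2^32 */
    return (size_t)cells * sizeof(cell_t);
}

/* Hardened: validate dimensions by division before multiplying, and check
 * every calloc(). Returns `lines` row pointers into one block, or NULL. */
cell_t **grid_alloc(uint32_t columns, uint32_t lines)
{
    if (columns == 0 || lines == 0 || columns > MAX_CELLS / lines)
        return NULL;
    cell_t **rows = calloc(lines, sizeof(*rows));
    if (rows == NULL)
        return NULL;
    rows[0] = calloc((size_t)columns * lines, sizeof(cell_t));
    if (rows[0] == NULL) {
        free(rows);
        return NULL;
    }
    for (uint32_t i = 1; i < lines; i++)
        rows[i] = rows[0] + (size_t)i * columns;
    return rows;
}

void grid_free(cell_t **rows)
{
    if (rows != NULL) { free(rows[0]); free(rows); }
}

int main(void)
{
    /* Constructed dimensions: 0x10001 * 0x10000 wraps to 0x10000 cells. */
    printf("unchecked bytes: %zu\n", unchecked_request(0x10001u, 0x10000u));
    printf("checked: %s\n", grid_alloc(0x10001u, 0x10000u) ? "ok" : "rejected");
    return 0;
}
```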
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2015-07-03 12:25:17 UTC
+*cups-filters-1.0.71 (03 Jul 2015)
+
+  03 Jul 2015; Andreas K. Huettel <dilfridge@gentoo.org>
+  +cups-filters-1.0.71.ebuild:
+  Version bump, bug 553836
+
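Review bot: The entry text "Version bump, bug 553836" gives no hint that this bump is a security fix. Naming CVE-2015-3279 (the alias of this bug) on that line would let someone reading the ChangeLog see why 1.0.71 matters without opening the bug.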
Comment 2 Andreas K. Hüttel archtester gentoo-dev 2015-07-03 12:29:09 UTC
Arches please stabilize net-print/cups-filters-1.0.71
Target: all stable arches
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2015-07-04 05:20:47 UTC
Stable for HPPA PPC64.
Comment 4 Tobias Klausmann (RETIRED) gentoo-dev 2015-07-04 11:39:07 UTC
Stable on alpha.
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-04 17:07:35 UTC
amd64 stable
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-09 18:23:18 UTC
arm stable
Comment 7 Anthony Basile gentoo-dev 2015-07-15 20:19:51 UTC
stable for ppc.
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-19 17:55:18 UTC
x86 stable
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2015-07-19 20:27:52 UTC
CVE-2015-3279 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3279):
  Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before
  1.0.71 allows remote attackers to cause a denial of service (crash) or
  possibly execute arbitrary code via a crafted line size in a print job,
  which triggers a heap-based buffer overflow.
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-07-22 15:13:14 UTC
ia64 stable
Comment 11 Agostino Sarubbo gentoo-dev 2015-07-23 09:39:52 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 12 Yury German Gentoo Infrastructure gentoo-dev 2015-08-10 22:51:03 UTC
Maintainer(s), thank you for cleanup.
Added to an existing GLSA Request.

Maintainer(s), please drop the vulnerable version(s).
Comment 13 Manuel Rüger (RETIRED) gentoo-dev 2015-08-27 18:10:25 UTC
Cleanup done.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2015-10-31 15:35:29 UTC
This issue was resolved and addressed in
 GLSA 201510-08 at https://security.gentoo.org/glsa/201510-08
by GLSA coordinator Kristian Fiskerstrand (K_F).