|Summary:||<net-print/cups-filters-1.0.70: remote code execution (CVE-2015-3258)|
|Product:||Gentoo Security||Reporter:||Sam James <sam>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Whiteboard:||B2 [glsa cve]|
|Package list:||Runtime testing required:||---|
Description Sam James 2015-06-30 13:53:51 UTC
From URL:

----
A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code. This was discovered by Petr Sklenar of Red Hat. This is fixed in cups-filters 1.0.70.
----

http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363
https://bugzilla.redhat.com/show_bug.cgi?id=1235385

The patch linked above is potentially incomplete, so it should not be used for now (http://www.openwall.com/lists/oss-security/2015/06/26/6).

1.0.66 (stable) and 1.0.68 (unstable) both need to be purged from the tree, as they are both vulnerable.

Maintainers, please purge the two vulnerable versions and import 1.0.70. Thanks.

Reproducible: Always
Comment 1 Andreas K. Hüttel 2015-06-30 14:32:48 UTC
Arches please test (has only just been bumped) and stabilize:
net-print/cups-filters-1.0.70
Target: all stable arches
Comment 2 Agostino Sarubbo 2015-06-30 15:43:54 UTC
Comment 3 Agostino Sarubbo 2015-06-30 15:44:07 UTC
Comment 4 Mikle Kolyada 2015-07-01 08:54:53 UTC
Comment 5 Jeroen Roovers (RETIRED) 2015-07-02 04:17:34 UTC
Stable for HPPA PPC64.
Comment 6 Kristian Fiskerstrand (RETIRED) 2015-07-03 10:03:08 UTC
This issue turned out to be an incomplete fix; see more details in bug 553836.
Comment 7 GLSAMaker/CVETool Bot 2015-07-06 12:30:29 UTC
CVE-2015-3258 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3258): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. ** TEMPORARY ** A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code.
Comment 8 Yury German 2015-08-10 22:37:40 UTC
Maintainer(s), thank you for cleanup. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
Comment 9 Manuel Rüger (RETIRED) 2015-08-27 18:11:52 UTC