From URL:
----
A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code. This was discovered by Petr Sklenar of Red Hat. This is fixed in cups-filters 1.0.70.
----
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363
https://bugzilla.redhat.com/show_bug.cgi?id=1235385
The patch linked above is potentially incomplete, so it should not be used for now (http://www.openwall.com/lists/oss-security/2015/06/26/6).
1.0.66 (stable) and 1.0.68 (unstable) both need to be purged from the tree, as they are both vulnerable. Maintainers, please purge the two vulnerable versions and import 1.0.70. Thanks.
Reproducible: Always
Arches please test (has only just been bumped) and stabilize: net-print/cups-filters-1.0.70 Target: all stable arches
amd64 stable
x86 stable
arm stable
Stable for HPPA PPC64.
This issue turned out to be an incomplete fix, see more details in bug 553836
CVE-2015-3258 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3258): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. ** TEMPORARY ** A heap-based buffer overflow was discovered in the way the texttopdf utility of cups-filters processed print jobs with a specially crafted line size. An attacker being able to submit print jobs could exploit this flaw to crash texttopdf or, possibly, execute arbitrary code.
Maintainer(s), thank you for cleanup. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
Cleanup done.
This issue was resolved and addressed in GLSA 201510-08 at https://security.gentoo.org/glsa/201510-08 by GLSA coordinator Kristian Fiskerstrand (K_F).