Debian Security Advisory

DLA-314-1 cups -- LTS security update

Date Reported:
24 Sep 2015
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2015-3258, CVE-2015-3279.
More information:

Petr Sklenar of Red Hat discovered that the texttopdf tool, part of cups-filters, was susceptible to multiple heap-based buffer and integer overflows due to improper handling of print jobs. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.

For Debian 6 Squeeze, this issue has been fixed in cups version 1.4.4-7+squeeze10. For Wheezy and Jessie, this has been fixed in the cups-filters package. We recommend that you upgrade your cups packages.