Debian Security Advisory
DLA-314-1 cups -- LTS security update
- Date Reported:
- 24 Sep 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3258, CVE-2015-3279.
- More information:
Petr Sklenar of Red Hat discovered that the texttopdf tool, part of cups filters, was susceptible to multiple heap-based buffer and integer overflows due to improper handling of print jobs. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.
For Debian 6
Squeeze, this issue has been fixed in cups version 1.4.4-7+squeeze10. For Wheezy and Jessie, this has been fixed in the cups-filter package. We recommend you to upgrade your cups packages.