Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-314-1 cups

Debian Security Advisory

DLA-314-1 cups -- LTS security update

Date Reported:

24 Sep 2015

Affected Packages:

cups

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-3258, CVE-2015-3279.

More information:

Petr Sklenar of Red Hat discovered that the texttopdf tool, part of cups filters, was susceptible to multiple heap-based buffer and integer overflows due to improper handling of print jobs. This could allow remote attackers to crash texttopdf or possibly execute arbitrary code.

For Debian 6 Squeeze, this issue has been fixed in cups version 1.4.4-7+squeeze10. For Wheezy and Jessie, this has been fixed in the cups-filter package. We recommend you to upgrade your cups packages.