[SECURITY] [DLA 1893-1] cups security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1893-1] cups security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 22 Aug 2019 22:45:14 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.20.1908222240360.18523@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : cups
Version        : 1.7.5-11+deb8u5
CVE ID         : CVE-2019-8675 CVE-2019-8696


Two issues have been found in cups, the Common UNIX Printing System(tm).

Basically both CVEs (CVE-2019-8675 and CVE-2019-8696) are aboutstack-buffer-overflow in two functions of libcup. One happens inasn1_get_type() the other one in asn1_get_packed().



For Debian 8 "Jessie", these problems have been fixed in version
1.7.5-11+deb8u5.

We recommend that you upgrade your cups packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl1e/tpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEeY7A//VOBD8zk4Wfy37K5GXYJzcmuvwNSf3hvxWi0pynJ+vZVw7vy1tctLAcuM
NyGjOqfjParq8CTt9FomEW4pLnvSVsq3b2n2Gqg25KQ72YkDOOvqLfm6Odgc4NXa
4YIWOYv26sHLrt8rlFwp8r6BLx2RHrjXoFgiYk2ZgcOjItDk64A5DUDc/RN/Ff4T
TTEBdOcMW76Iwk6WDIga8iJs7HgE7oPhSCf0ISTU7O2MCK0ahDP5gel/KoOTnJlk
51BKTd8mRvclhCYTg7KXtlU/wN7Iy5aaybcndvyV/deizYp5l0Ie1p5RyXmCC95a
xkCtbuwoTFg9RzylFuade6u8QNwIjOAnAsIKMHFI3sXcO+GmfXUq1VojMQT+fyOG
twYNvyaD6fI2CiEQumGu79tq8a1GwFjx5PHgE/0TDYZ470vvMFj1Mf2kTWNCkeej
FREfWbu3E+N6viSZTGg8TtVKddocfJOzNBHj2HE6MdGQ/7t9xFMqcUHEXqVjpnSc
bSruQwQAsJzj5nuT5keEjIfmueBnR73LwA2JA1IFZDKKWtQ/hJJEjhN3lC6aKxq+
LPcBDb4lktErEh2PnB0UjGmB3sSGN/48t6aZiaO/5k3VakVgRxwEnuz4bauqW3Ik
bkcpXMexK7Vvd7VBbnGNMs2QMfzMhLWG6FlgcTZtScX+aMG2tkc=
=BnJy
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1892-1] flask security update
Next by Date: [SECURITY] [DLA 1886-2] openjdk-7 regression update
Previous by thread: [SECURITY] [DLA 1892-1] flask security update
Next by thread: [SECURITY] [DLA 1886-2] openjdk-7 regression update
Index(es):
- Date
- Thread