[gentoo-announce] [ GLSA 201510-08 ] cups-filters: Multiple vulnerabilities - gentoo-announce

From:	Kristian Fiskerstrand <k_f@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201510-08 ] cups-filters: Multiple vulnerabilities
Date:	Sat, 31 Oct 2015 15:37:15
Message-Id:	`5634DEE8.7090300@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201510-08

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: cups-filters: Multiple vulnerabilities

9

     Date: October 31, 2015

10

     Bugs: #553644, #553836

11

       ID: 201510-08

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in cups-filters, the worst of

19

which could lead to arbitrary code execution.

20

21

Background

22

==========

23

24

cups-filters is an OpenPrinting CUPS Filters.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package              /     Vulnerable     /            Unaffected

31

    -------------------------------------------------------------------

32

  1  net-print/cups-filters       < 1.0.71                  >= 1.0.71

33

34

Description

35

===========

36

37

Multiple vulnerabilities have been discovered in cups-filters. Please

38

review the CVE identifiers referenced below for details.

39

40

Impact

41

======

42

43

A remote attacker could entice a user to open a specially crafted print

44

job using cups-filters, possibly resulting in execution of arbitrary

45

code with the privileges of the process or a Denial of Service

46

condition.

47

48

Workaround

49

==========

50

51

There is no known workaround at this time.

52

53

Resolution

54

==========

55

56

All cups-filters users should upgrade to the latest version:

57

58

  # emerge --sync

59

  # emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.0.71"

60

61

References

62

==========

63

64

[ 1 ] CVE-2015-3258

65

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3258

66

[ 2 ] CVE-2015-3279

67

      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3279

68

69

Availability

70

============

71

72

This GLSA and any updates to it are available for viewing at

73

the Gentoo Security Website:

74

75

 https://security.gentoo.org/glsa/201510-08

76

77

Concerns?

78

=========

79

80

Security is a primary focus of Gentoo Linux and ensuring the

81

confidentiality and security of our users' machines is of utmost

82

importance to us. Any security concerns should be addressed to

83

security@g.o or alternatively, you may file a bug at

84

https://bugs.gentoo.org.

85

86

License

87

=======

88

89

Copyright 2015 Gentoo Foundation, Inc; referenced text

90

belongs to its owner(s).

91

92

The contents of this document are licensed under the

93

Creative Commons - Attribution / Share Alike license.

94

95

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201510-08
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: cups-filters: Multiple vulnerabilities
9	Date: October 31, 2015
10	Bugs: #553644, #553836
11	ID: 201510-08
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in cups-filters, the worst of
19	which could lead to arbitrary code execution.
20
21	Background
22	==========
23
24	cups-filters is an OpenPrinting CUPS Filters.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 net-print/cups-filters < 1.0.71 >= 1.0.71
33
34	Description
35	===========
36
37	Multiple vulnerabilities have been discovered in cups-filters. Please
38	review the CVE identifiers referenced below for details.
39
40	Impact
41	======
42
43	A remote attacker could entice a user to open a specially crafted print
44	job using cups-filters, possibly resulting in execution of arbitrary
45	code with the privileges of the process or a Denial of Service
46	condition.
47
48	Workaround
49	==========
50
51	There is no known workaround at this time.
52
53	Resolution
54	==========
55
56	All cups-filters users should upgrade to the latest version:
57
58	# emerge --sync
59	# emerge --ask --oneshot --verbose ">=net-print/cups-filters-1.0.71"
60
61	References
62	==========
63
64	[ 1 ] CVE-2015-3258
65	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3258
66	[ 2 ] CVE-2015-3279
67	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3279
68
69	Availability
70	============
71
72	This GLSA and any updates to it are available for viewing at
73	the Gentoo Security Website:
74
75	https://security.gentoo.org/glsa/201510-08
76
77	Concerns?
78	=========
79
80	Security is a primary focus of Gentoo Linux and ensuring the
81	confidentiality and security of our users' machines is of utmost
82	importance to us. Any security concerns should be addressed to
83	security@g.o or alternatively, you may file a bug at
84	https://bugs.gentoo.org.
85
86	License
87	=======
88
89	Copyright 2015 Gentoo Foundation, Inc; referenced text
90	belongs to its owner(s).
91
92	The contents of this document are licensed under the
93	Creative Commons - Attribution / Share Alike license.
94
95	http://creativecommons.org/licenses/by-sa/2.5