Advisories » MGASA-2015-0270

Updated cups-filters package fixes security vulnerability

Publication date: 08 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-3258 , CVE-2015-3279

Description

A heap-based buffer overflow was discovered in the way the texttopdf
utility of cups-filters processed print jobs with a specially crafted line
size. An attacker being able to submit print jobs could exploit this flaw
to crash texttopdf or, possibly, execute arbitrary code with the
privileges of the 'lp' user (CVE-2015-3258, CVE-2015-3279).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16221
• https://bugzilla.redhat.com/show_bug.cgi?id=1235385
• https://bugzilla.redhat.com/show_bug.cgi?id=1238990
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3258
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3279

SRPMS

4/core

• cups-filters-1.0.53-1.2.mga4

5/core

• cups-filters-1.0.71-1.mga5