Bugzilla – Bug 866302
VUL-1: cups-filters: several security issues
Last modified: 2014-03-27 08:12:36 UTC
bugbot adjusting priority
CVE-2013-6476:
CVE-2013-6475:
CVE-2013-6474:
fix: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176

CVE-2013-6473:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175

Reviewing that I am not convinced we need an update right now for SLE. -> planned
Also cups on SLE11 does not contain OPVP or urftopdf at all, so SUSE Linux Enterprise is not affected.
I change the bug's subject from "cups: cups-filters: several security issues" to "cups-filters: several security issues" because cups-filters is not part of CUPS. cups-filters is a separate source package that is currently nowhere distributed in any SUSE or openSUSE product. Currently SUSE is not at all affected.
The issue is fixed since cups-filters 1.0.47, see its NEWS file entry:
---------------------------------------------------------------------------
- pdftoopvp: SECURITY FIX for CVE-2013-6474, CVE-2013-6475, and
  CVE-2013-6476: Introduction of gmallocn and gmallocn3 to protect
  against arbitrary code execution with the privileges of the "lp"
  user via malicious PDF files. Also restrict the directory from
  where OPVP drivers can get loaded.
- urftopdf: SECURITY FIX for CVE-2013-6473: Two heap-based buffer
  overflow flaws in urftopdf. If a malicious URF file were processed
  it could lead to arbitrary code execution with the privileges of
  the "lp" user.
---------------------------------------------------------------------------

cups-filters 1.0.49 submitted and accepted in its devel project "Printing" via OBS submitrequest 227590 and forwarded to openSUSE:Factory via OBS submitrequest 227591.
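
The NEWS entry above names gmallocn and gmallocn3 as the pdftoopvp fix. As an added example (not cups-filters code and not part of the original comments), the following shows the checked-multiplication allocation pattern those names suggest, next to the unchecked size arithmetic it replaces. The names unchecked_size32, checked_mallocn and checked_mallocn3, the INT_MAX bound, and returning NULL on rejection are assumptions of this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked 32-bit size arithmetic: the product silently wraps modulo 2^32. */
uint32_t unchecked_size32(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hypothetical gmallocn-style helper: allocate count * size bytes, or return
 * NULL when an argument is out of range or the product would exceed INT_MAX. */
void *checked_mallocn(int count, int size)
{
    if (count < 0 || size <= 0 || count > INT_MAX / size)
        return NULL;
    size_t total = (size_t)count * (size_t)size;
    return malloc(total ? total : 1);   /* never request 0 bytes */
}

/* Three-factor variant: a * b elements of `size` bytes each. */
void *checked_mallocn3(int a, int b, int size)
{
    if (a < 0 || b <= 0 || a > INT_MAX / b)
        return NULL;                     /* a * b would overflow int */
    return checked_mallocn(a * b, size);
}

int main(void)
{
    /* Constructed sample dimensions, as an untrusted file header might claim. */
    uint32_t w = 0x10001u, h = 0x10000u, bpp = 1u;

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size32(w, h, bpp));
    void *buf = checked_mallocn3((int)w, (int)h, (int)bpp);
    printf("checked allocation: %s\n", buf ? "ok" : "rejected");
    free(buf);
    return 0;
}
```

With the constructed dimensions, the unchecked product wraps to a 64 KiB request for data that needs over 4 GiB, while the checked variant refuses the allocation so the caller can abort processing of the file.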