Bugzilla – Bug 937018
VUL-0: CVE-2015-3279: cups-filters: texttopdf integer overflow (incomplete fix for CVE-2015-3258)
Last modified: 2019-05-01 16:48:50 UTC
Via RH:
> An integer overflow flaw leading to a heap-based buffer overflow was
> discovered in the way the texttopdf utility of cups-filter processed
> print jobs with a specially crafted line size. An attacker being able
> to submit print jobs could exploit this flaw to crash texttopdf or,
> possibly, execute arbitrary code with the privileges of the 'lp' user.
>
> Patch:
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
But:
> Comment in
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
> claims it's CVE-2015-3259 (not 3279).
SLE 12: cups-filters 1.0.58 /usr/lib/cups/filter/texttopdf
openSUSE 13.2: cups-filters 1.0.58 /usr/lib/cups/filter/texttopdf
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1238990
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3279
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3279.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3279
https://bugzilla.redhat.com/show_bug.cgi?id=1238990#c1
> Comment in
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
> claims it's CVE-2015-3259 (not 3279).
There seems to be some confusion about the CVE for this one, might be a dup of bug 936281 / bug CVE-2015-3258. CVE-2015-3259 may be a duplicate assignment.
We also have bug 921753 and bug 936281 outstanding, so I am expecting to start an update soon once this is clarified.
oss-sec:
> Even with the patch for CVE-2015-3258 in version 1.0.70 it was possible
> to trigger an integer overflow leading to a heap-based buffer overflow
> using the same vector (specially crafted line sizes).
>
> The integer overflow has been assigned CVE-2015-3279 and is fixed in
> version 1.0.71. Apart from that, the patch also hardens against
> possible crashes due to missing calloc() success checks.
>
> Patch:
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
>
> Red Hat bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1238990
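Added example, not part of any comment in this bug and not the cups-filters code or its patch: a C sketch of the defect class the oss-sec text describes (a page-buffer size computed from line sizes wrapping before allocation) together with the two hardenings it names, a pre-multiplication bound check and calloc() success checks. The names cell_t, naive_bytes, page_cells, page_alloc and page_free, and the INT_MAX byte limit, are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical page cell: one character plus attributes (4 bytes). */
typedef struct { uint16_t ch; uint16_t attr; } cell_t;

/* Unchecked 32-bit size arithmetic: the product wraps modulo 2^32. */
static uint32_t naive_bytes(uint32_t columns, uint32_t lines)
{
    return columns * lines * (uint32_t)sizeof(cell_t);
}

/* Checked cell count: divide the limit instead of multiplying the inputs,
 * so the test itself cannot overflow. Returns 1 on success, 0 on rejection. */
static int page_cells(int columns, int lines, size_t *cells)
{
    if (columns <= 0 || lines <= 0)
        return 0;
    if ((size_t)lines > (size_t)INT_MAX / sizeof(cell_t) / (size_t)columns)
        return 0;
    *cells = (size_t)columns * (size_t)lines;
    return 1;
}

/* Row pointers over one contiguous cell buffer; NULL on any failure. */
static cell_t **page_alloc(int columns, int lines)
{
    size_t cells;
    cell_t **rows;

    if (!page_cells(columns, lines, &cells))
        return NULL;
    rows = calloc((size_t)lines, sizeof(cell_t *));
    if (rows == NULL)
        return NULL;
    rows[0] = calloc(cells, sizeof(cell_t));
    if (rows[0] == NULL) {
        free(rows);
        return NULL;
    }
    for (int i = 1; i < lines; i++)
        rows[i] = rows[0] + (size_t)i * (size_t)columns;
    return rows;
}

static void page_free(cell_t **rows) { if (rows) { free(rows[0]); free(rows); } }

int main(void) { return page_alloc(65536, 16384) == NULL ? 0 : 1; }
```

With 65536 columns and 16384 lines the unchecked product is exactly 2^32 and wraps to 0, so an allocation sized from it would be far smaller than the rows later written into it; the checked path rejects those dimensions before any allocation.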
bugbot adjusting priority
Fixed for openSUSE 13.2, see https://bugzilla.suse.com/show_bug.cgi?id=921753#c14
Fixed for openSUSE:Factory via version upgrade to cups-filters 1.0.71 in OBS "Printing" project via submitrequest 315193 that is forwarded to openSUSE:Factory via submitrequest 315194
For further processing for the maintenance update I re-assign it to our security team.
This is an autogenerated message for OBS integration: This bug (937018) was mentioned in https://build.opensuse.org/request/show/315210 13.2 / cups-filters
Thanks, we'll handle the submissions.
openSUSE-SU-2015:1244-1: An update that fixes three vulnerabilities is now available.
Category: security (moderate)
Bug References: 921753,936281,937018
CVE References: CVE-2015-2265,CVE-2015-3258,CVE-2015-3279
Sources used:
openSUSE 13.2 (src): cups-filters-1.0.58-2.7.1
SUSE-SU-2015:1377-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 936281,937018
CVE References: CVE-2015-3258,CVE-2015-3279
Sources used:
SUSE Linux Enterprise Server 12 (src): cups-filters-1.0.58-8.1
SUSE Linux Enterprise Desktop 12 (src): cups-filters-1.0.58-8.1
released