Описание
ELSA-2015-2360: cups-filters security, bug fix, and enhancement update (MODERATE)
[1.0.35-21]
- Fix heap-based buffer overflow in texttopdf filter (bug #1241242, CVE-2015-3258, CVE-2015-3279).
[1.0.35-20]
- Improvements to cups-browsed efficiency patch (bug #1191691).
[1.0.35-18]
- Fix segfault in texttopdf filter (bug #1194263).
- Improve cups-browsed efficiency (bug #1191691).
- Fetch printer descriptions with cups-browsed (bug #1223719).
- Fix cups-browsed '_' handling for printer names (bug #1167408).
[1.0.35-17]
- Build against newer poppler (bug #1217552).
[1.0.35-16]
- Applied upstream patch to fix BrowseAllow parsing issue (CVE-2014-4338, bug #1091568).
- Applied upstream patch for cups-browsed DoS via process_browse_data() out-of-bounds read (CVE-2014-4337, bug #1111510).
Обновленные пакеты
Oracle Linux 7
Oracle Linux x86_64
cups-filters
1.0.35-21.el7
cups-filters-devel
1.0.35-21.el7
cups-filters-libs
1.0.35-21.el7
Связанные CVE
Связанные уязвимости
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters be ...