oss-sec mailing list archives
Re: CVE-2015-3258 CVE-2015-3279 cups-filters
From: Stefan Cornelius <scorneli () redhat com>
Date: Fri, 3 Jul 2015 11:15:24 +0200
On Fri, 26 Jun 2015 19:59:14 +0200 Stefan Cornelius <scorneli () redhat com> wrote:
Hi again, I think there's a possible problem with the patch that I failed to catch earlier in the process, so you may want to hold packaging for a bit until this is fully investigated. Sorry for the inconvenience.
Hi, Even with the patch for CVE-2015-3258 in version 1.0.70 it was possible to trigger an integer overflow leading to a heap-based buffer overflow using the same vector (specially crafted line sizes). The integer overflow has been assigned CVE-2015-3279 and is fixed in version 1.0.71. Apart from that, the patch also hardens against possible crashes due to missing calloc() success checks. Patch: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365 Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1238990 Thanks, -- Stefan Cornelius / Red Hat Product Security
Current thread:
- Re: CVE-2015-3258 CVE-2015-3279 cups-filters Stefan Cornelius (Jul 03)
- Re: CVE-2015-3258 CVE-2015-3279 cups-filters Salvatore Bonaccorso (Jul 03)
- Re: CVE-2015-3258 CVE-2015-3279 cups-filters Tim Waugh (Jul 03)
- Re: CVE-2015-3258 CVE-2015-3279 cups-filters Salvatore Bonaccorso (Jul 03)
- Re: CVE-2015-3258 CVE-2015-3279 cups-filters Tim Waugh (Jul 03)
- Re: CVE-2015-3258 CVE-2015-3279 cups-filters Salvatore Bonaccorso (Jul 03)