Security update for cups-filters
cups-filters was updated to fix three security issues.
These security issues were fixed:
- CVE-2015-2265: The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allowed remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707 (bsc#921753).
- CVE-2015-3279: Texttopdf integer overflow (incomplete fix for CVE-2015-3258) (bsc#937018).
- CVE-2015-3258: Texttopdf heap-based buffer overflow (bsc#936281).
-
Submitted by
Johannes Meixner (jsmeix)
Fixed bugs
bnc#921753
VUL-0: CVE-2015-2265: cups-filters: remote command execution in remove_bad_chars() (incomplete fix for CVE-2014-2707)
bnc#937018
VUL-0: CVE-2015-3279: cups-filters: texttopdf integer overflow (incomplete fix for CVE-2015-3258)
bnc#936281
VUL-0: CVE-2015-3258: cups-filters: texttopdf heap-based buffer overflow
