Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 Jun 2015 19:59:14 +0200
From: Stefan Cornelius <>
Subject: Re: CVE-2015-3258 cups-filters: texttopdf heap-based
 buffer overflow

On Fri, 26 Jun 2015 18:43:26 +0200
Stefan Cornelius <> wrote:

> Hi,
> A heap-based buffer overflow was discovered in the way the texttopdf
> utility of cups-filters processed print jobs with a specially crafted
> line size. An attacker being able to submit print jobs could exploit
> this flaw to crash texttopdf or, possibly, execute arbitrary code.
> This was discovered by Petr Sklenar of Red Hat.
> This is fixed in cups-filters 1.0.70.
> Patch:
> Minor note on the side: The commit thanks me for the patch. The patch
> was created by Tim Waugh of Red Hat, I've merely forwarded it.
> Red Hat bug:
> Thanks,

Hi again,

I think there's a possible problem with the patch that I failed to catch
earlier in the process, so you may want to hold packaging for a bit
until this is fully investigated.

Sorry for the inconvenience.
Stefan Cornelius / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ