Date: Fri, 3 Jul 2015 13:58:17 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE-2015-3258 CVE-2015-3279 cups-filters Hi Stefan, On Fri, Jul 03, 2015 at 11:15:24AM +0200, Stefan Cornelius wrote: > On Fri, 26 Jun 2015 19:59:14 +0200 > Stefan Cornelius <scorneli@...hat.com> wrote: > > Hi again, > > > > I think there's a possible problem with the patch that I failed to > > catch earlier in the process, so you may want to hold packaging for a > > bit until this is fully investigated. > > > > Sorry for the inconvenience. > > Hi, > > Even with the patch for CVE-2015-3258 in version 1.0.70 it was possible > to trigger an integer overflow leading to a heap-based buffer overflow > using the same vector (specially crafted line sizes). > > The integer overflow has been assigned CVE-2015-3279 and is fixed in > version 1.0.71. Apart from that, the patch also hardens against > possible crashes due to missing calloc() success checks. > > Patch: > http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365 > > Red Hat bug: > https://bugzilla.redhat.com/show_bug.cgi?id=1238990 Can you confirm, is CVE-2015-3279 the right CVE? The patch uses in the description CVE-2015-3259. Although I guess the bugzilla entry from Red Hat contains the right reference. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ