Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 3 Jul 2015 13:58:17 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2015-3258 CVE-2015-3279 cups-filters

Hi Stefan,

On Fri, Jul 03, 2015 at 11:15:24AM +0200, Stefan Cornelius wrote:
> On Fri, 26 Jun 2015 19:59:14 +0200
> Stefan Cornelius <scorneli@...hat.com> wrote:
> > Hi again,
> > 
> > I think there's a possible problem with the patch that I failed to
> > catch earlier in the process, so you may want to hold packaging for a
> > bit until this is fully investigated.
> > 
> > Sorry for the inconvenience.
> 
> Hi,
> 
> Even with the patch for CVE-2015-3258 in version 1.0.70 it was possible
> to trigger an integer overflow leading to a heap-based buffer overflow
> using the same vector (specially crafted line sizes).
> 
> The integer overflow has been assigned CVE-2015-3279 and is fixed in
> version 1.0.71. Apart from that, the patch also hardens against
> possible crashes due to missing calloc() success checks.
> 
> Patch:
> http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
> 
> Red Hat bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=1238990

Can you confirm, is CVE-2015-3279 the right CVE? The patch uses in the
description CVE-2015-3259. Although I guess the bugzilla entry from
Red Hat contains the right reference.

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ