Bug 37815 - cups: Multiple issues (4.0)
cups: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0-3-errata
Assigned To: Felix Botner
Daniel Tröder
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-02-16 17:24 CET by Arvid Requate
Modified: 2015-09-23 17:11 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-02-16 17:24:37 CET
CVE-2014-9679: buffer overflow in cupsRasterReadPixels
Comment 1 Arvid Requate univentionstaff 2015-05-06 17:10:05 CEST
Fixed in upstream Debian package version 1.5.3-5+deb7u5
Comment 2 Arvid Requate univentionstaff 2015-06-17 16:29:17 CEST
Fixed in upstream Debian package version 1.5.3-5+deb7u6:

* Improper Update of Reference Count (CVE-2015-1158)
* Cross-Site Scripting (CVE-2015-1159)
Comment 3 Felix Botner univentionstaff 2015-09-11 10:42:22 CEST
cups 1.5.3-5+deb7u6 imported from wheezy and built in errata4.0-3.

YAML: 2015-09-11-cups.yaml
Comment 4 Daniel Tröder univentionstaff 2015-09-18 10:39:51 CEST
OK: DEBIAN_FRONTEND=noninteractive apt-get install -y cups
OK: /usr/share/doc/cups/changelog.Debian.gz
OK: r63647 + r63650 / 2015-09-11-cups.yaml / CVEs
OK: Test: apt-get install cups-pdf, ssh 10.200.3.18 -L 10631:localhost:631, add pdf-printer, print test page, download and check → CUPS test page was prperly printed
Comment 5 Janek Walkenhorst univentionstaff 2015-09-23 17:11:06 CEST
<http://errata.software-univention.de/ucs/4.0/321.html>