Medium: t1utils

2015-06-2220:26:00

alas.aws.amazon.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.076 Low

EPSS

Percentile

94.2%

JSON

Issue Overview:

A buffer overflow flaw was found in the way t1utils processed, for example, certain PFB (Printer Font Binary) files. An attacker could use this flaw to potentially execute arbitrary code by tricking a user into processing a specially crafted PFB file with t1utils.

Affected Packages:

t1utils

Issue Correction:
Run yum update t1utils to update your system.

New Packages:

i686:  
    t1utils-1.39-1.3.amzn1.i686  
    t1utils-debuginfo-1.39-1.3.amzn1.i686  
  
src:  
    t1utils-1.39-1.3.amzn1.src  
  
x86_64:  
    t1utils-debuginfo-1.39-1.3.amzn1.x86_64  
    t1utils-1.39-1.3.amzn1.x86_64

Additional References

Red Hat: CVE-2015-3905

Mitre: CVE-2015-3905

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686t1utils< 1.39-1.3.amzn1t1utils-1.39-1.3.amzn1.i686.rpm
Amazon Linux1i686t1utils-debuginfo< 1.39-1.3.amzn1t1utils-debuginfo-1.39-1.3.amzn1.i686.rpm
Amazon Linux1x86_64t1utils-debuginfo< 1.39-1.3.amzn1t1utils-debuginfo-1.39-1.3.amzn1.x86_64.rpm
Amazon Linux1x86_64t1utils< 1.39-1.3.amzn1t1utils-1.39-1.3.amzn1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
Amazon Linux	1	i686	t1utils	< 1.39-1.3.amzn1	t1utils-1.39-1.3.amzn1.i686.rpm
Amazon Linux	1	i686	t1utils-debuginfo	< 1.39-1.3.amzn1	t1utils-debuginfo-1.39-1.3.amzn1.i686.rpm
Amazon Linux	1	x86_64	t1utils-debuginfo	< 1.39-1.3.amzn1	t1utils-debuginfo-1.39-1.3.amzn1.x86_64.rpm
Amazon Linux	1	x86_64	t1utils	< 1.39-1.3.amzn1	t1utils-1.39-1.3.amzn1.x86_64.rpm