[SECURITY] [DSA 3411-1] cups-filters security update

2015-12-0222:34:50

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

89.9%

JSON

Debian Security Advisory DSA-3411-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
December 02, 2015 https://www.debian.org/security/faq

Package : cups-filters
CVE ID : CVE-2015-8327

Michal Kowalczyk discovered that missing input sanitising in the
foomatic-rip print filter might result in the execution of arbitrary
commands.

The oldstable distribution (wheezy) is not affected.

For the stable distribution (jessie), this problem has been fixed in
version 1.0.61-5+deb8u2.

For the unstable distribution (sid), this problem has been fixed in
version 1.2.0-1.

We recommend that you upgrade your cups-filters packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8kfreebsd-i386cups-filters-core-drivers< 1.0.61-5+deb8u2cups-filters-core-drivers_1.0.61-5+deb8u2_kfreebsd-i386.deb
Debian8allfoomatic-filters< 4.0.17-5+deb8u1foomatic-filters_4.0.17-5+deb8u1_all.deb
Debian8amd64libfontembed-dev< 1.0.61-5+deb8u2libfontembed-dev_1.0.61-5+deb8u2_amd64.deb
Debian8powerpccups-filters< 1.0.61-5+deb8u2cups-filters_1.0.61-5+deb8u2_powerpc.deb
Debian8amd64cups-filters-core-drivers< 1.0.61-5+deb8u2cups-filters-core-drivers_1.0.61-5+deb8u2_amd64.deb
Debian8s390xlibcupsfilters1< 1.0.61-5+deb8u2libcupsfilters1_1.0.61-5+deb8u2_s390x.deb
Debian8mipslibfontembed1< 1.0.61-5+deb8u2libfontembed1_1.0.61-5+deb8u2_mips.deb
Debian8armhffoomatic-filters< 4.0.17-5+deb8u1foomatic-filters_4.0.17-5+deb8u1_armhf.deb
Debian7i386foomatic-filters< 4.0.17-1+deb7u1foomatic-filters_4.0.17-1+deb7u1_i386.deb
Debian7mipselfoomatic-filters< 4.0.17-1+deb7u1foomatic-filters_4.0.17-1+deb7u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	kfreebsd-i386	cups-filters-core-drivers	< 1.0.61-5+deb8u2	cups-filters-core-drivers_1.0.61-5+deb8u2_kfreebsd-i386.deb
Debian	8	all	foomatic-filters	< 4.0.17-5+deb8u1	foomatic-filters_4.0.17-5+deb8u1_all.deb
Debian	8	amd64	libfontembed-dev	< 1.0.61-5+deb8u2	libfontembed-dev_1.0.61-5+deb8u2_amd64.deb
Debian	8	powerpc	cups-filters	< 1.0.61-5+deb8u2	cups-filters_1.0.61-5+deb8u2_powerpc.deb
Debian	8	amd64	cups-filters-core-drivers	< 1.0.61-5+deb8u2	cups-filters-core-drivers_1.0.61-5+deb8u2_amd64.deb
Debian	8	s390x	libcupsfilters1	< 1.0.61-5+deb8u2	libcupsfilters1_1.0.61-5+deb8u2_s390x.deb
Debian	8	mips	libfontembed1	< 1.0.61-5+deb8u2	libfontembed1_1.0.61-5+deb8u2_mips.deb
Debian	8	armhf	foomatic-filters	< 4.0.17-5+deb8u1	foomatic-filters_4.0.17-5+deb8u1_armhf.deb
Debian	7	i386	foomatic-filters	< 4.0.17-1+deb7u1	foomatic-filters_4.0.17-1+deb7u1_i386.deb
Debian	7	mipsel	foomatic-filters	< 4.0.17-1+deb7u1	foomatic-filters_4.0.17-1+deb7u1_mipsel.deb