ALT-BU-2015-2540-1
Branch sisyphus update bulletin.
Package cups-filters updated to version 1.0.71-alt1 for branch sisyphus in task 146329.
Closed vulnerabilities
BDU:2015-10867
Vulnerability in the Ubuntu operating system that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2015-10868
Vulnerability in the Debian GNU/Linux operating system that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2015-10869
Vulnerability in the Ubuntu operating system that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2015-10870
Vulnerability in the Debian GNU/Linux operating system that allows an attacker to execute arbitrary code or cause a denial of service
Modified: 2024-11-21
CVE-2015-3258
Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7363
- openSUSE-SU-2015:1244
- RHSA-2015:2360
- USN-2659-1
- DSA-3303
- [oss-security] 20150626 CVE-2015-3258 cups-filters: texttopdf heap-based buffer overflow
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 75436
- https://bugzilla.redhat.com/show_bug.cgi?id=1235385
- GLSA-201510-08
Modified: 2024-11-21
CVE-2015-3279
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7366#NEWS
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7369
- openSUSE-SU-2015:1244
- RHSA-2015:2360
- USN-2659-1
- DSA-3303
- [oss-security] 20150703 Re: CVE-2015-3258 CVE-2015-3279 cups-filters
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 75557
- https://bugzilla.redhat.com/show_bug.cgi?id=1238990
- GLSA-201510-08
Package adobe-flash-player updated to version 11-alt50 for branch sisyphus in task 146352.
Closed vulnerabilities
BDU:2015-10796
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2015-10797
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2015-10798
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2015-10799
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code or cause a denial of service
Modified: 2025-02-14
CVE-2015-5122
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
- SUSE-SU-2015:1255
- SUSE-SU-2015:1258
- openSUSE-SU-2015:1267
- HPSBMU03409
- http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
- RHSA-2015:1235
- VU#338736
- http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf
- 75712
- 1032890
- TA15-195A
- HPSBHF03509
- SSRT102253
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
- https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
- https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
- https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/
- https://perception-point.io/new/breaking-cfi.php
- GLSA-201508-01
- 37599
- https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html
Modified: 2025-02-14
CVE-2015-5123
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
- http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/
- SUSE-SU-2015:1255
- SUSE-SU-2015:1258
- openSUSE-SU-2015:1267
- HPSBMU03409
- RHSA-2015:1235
- VU#918568
- 75710
- 1032890
- TA15-195A
- HPSBHF03509
- SSRT102253
- https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
- https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
- GLSA-201508-01