ALT-PU-2014-1278-1
Package cups-filters updated to version 1.0.47-alt1 for branch sisyphus in task 116264.
Closed vulnerabilities
BDU:2015-04125
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
BDU:2015-09753
Уязвимости операционной системы Gentoo Linux, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Modified: 2025-04-12
CVE-2013-6473
Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
- http://www.securityfocus.com/bid/66601
- http://www.ubuntu.com/usn/USN-2143-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333
- https://bugzilla.redhat.com/show_bug.cgi?id=1027547
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
- http://www.securityfocus.com/bid/66601
- http://www.ubuntu.com/usn/USN-2143-1
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741333
- https://bugzilla.redhat.com/show_bug.cgi?id=1027547
Modified: 2025-04-12
CVE-2013-6474
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.securityfocus.com/bid/66163
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1027548
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.securityfocus.com/bid/66163
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1027548
Modified: 2025-04-12
CVE-2013-6475
Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow.
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.securityfocus.com/bid/66166
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1027550
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.securityfocus.com/bid/66166
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1027550
Modified: 2025-04-12
CVE-2013-6476
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1027551
- http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
- http://www.debian.org/security/2014/dsa-2875
- http://www.debian.org/security/2014/dsa-2876
- http://www.ubuntu.com/usn/USN-2143-1
- http://www.ubuntu.com/usn/USN-2144-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1027551
Closed bugs
Обновление до 1.0.46 поломало печать (Filter failed)