cups-filters-1.8.2-1.11 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10313-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cups-filters-1.8.2-1.11 on GA media These are all security issues fixed in the cups-filters-1.8.2-1.11 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10313 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2013-6473/ SUSE CVE CVE-2013-6473 page https://www.suse.com/security/cve/CVE-2013-6474/ SUSE CVE CVE-2013-6474 page https://www.suse.com/security/cve/CVE-2013-6475/ SUSE CVE CVE-2013-6475 page https://www.suse.com/security/cve/CVE-2013-6476/ SUSE CVE CVE-2013-6476 page https://www.suse.com/security/cve/CVE-2014-2707/ SUSE CVE CVE-2014-2707 page https://www.suse.com/security/cve/CVE-2014-4336/ SUSE CVE CVE-2014-4336 page https://www.suse.com/security/cve/CVE-2014-4337/ SUSE CVE CVE-2014-4337 page https://www.suse.com/security/cve/CVE-2014-4338/ SUSE CVE CVE-2014-4338 page https://www.suse.com/security/cve/CVE-2015-2265/ SUSE CVE CVE-2015-2265 page https://www.suse.com/security/cve/CVE-2015-3258/ SUSE CVE CVE-2015-3258 page https://www.suse.com/security/cve/CVE-2015-3279/ SUSE CVE CVE-2015-3279 page https://www.suse.com/security/cve/CVE-2015-8327/ SUSE CVE CVE-2015-8327 page https://www.suse.com/security/cve/CVE-2015-8560/ SUSE CVE CVE-2015-8560 page openSUSE Tumbleweed cups-filters-1.8.2-1.11 cups-filters-cups-browsed-1.8.2-1.11 cups-filters-devel-1.8.2-1.11 cups-filters-foomatic-rip-1.8.2-1.11 cups-filters-ghostscript-1.8.2-1.11 cups-filters-1.8.2-1.11 as a component of openSUSE Tumbleweed cups-filters-cups-browsed-1.8.2-1.11 as a component of openSUSE Tumbleweed cups-filters-devel-1.8.2-1.11 as a component of openSUSE Tumbleweed cups-filters-foomatic-rip-1.8.2-1.11 as a component of openSUSE Tumbleweed cups-filters-ghostscript-1.8.2-1.11 as a component of openSUSE Tumbleweed Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. CVE-2013-6473 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6473.html CVE-2013-6473 https://bugzilla.suse.com/866302 SUSE Bug 866302 Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. CVE-2013-6474 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6474.html CVE-2013-6474 https://bugzilla.suse.com/866302 SUSE Bug 866302 Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) oprs/OPVPSplash.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allow remote attackers to execute arbitrary code via a crafted PDF file, which triggers a heap-based buffer overflow. CVE-2013-6475 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6475.html CVE-2013-6475 https://bugzilla.suse.com/866302 SUSE Bug 866302 The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. CVE-2013-6476 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-6476.html CVE-2013-6476 https://bugzilla.suse.com/866302 SUSE Bug 866302 cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the (1) model or (2) PDL, related to "System V interface scripts generated for queues." CVE-2014-2707 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2707.html CVE-2014-2707 https://bugzilla.suse.com/871327 SUSE Bug 871327 https://bugzilla.suse.com/883543 SUSE Bug 883543 https://bugzilla.suse.com/921753 SUSE Bug 921753 https://bugzilla.suse.com/937018 SUSE Bug 937018 The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. CVE-2014-4336 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4336.html CVE-2014-4336 https://bugzilla.suse.com/871327 SUSE Bug 871327 https://bugzilla.suse.com/883543 SUSE Bug 883543 The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data. CVE-2014-4337 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4337.html CVE-2014-4337 https://bugzilla.suse.com/871327 SUSE Bug 871327 https://bugzilla.suse.com/883543 SUSE Bug 883543 cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses. CVE-2014-4338 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-4338.html CVE-2014-4338 https://bugzilla.suse.com/871327 SUSE Bug 871327 https://bugzilla.suse.com/883536 SUSE Bug 883536 The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707. CVE-2015-2265 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-2265.html CVE-2015-2265 https://bugzilla.suse.com/921753 SUSE Bug 921753 https://bugzilla.suse.com/937018 SUSE Bug 937018 Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. CVE-2015-3258 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3258.html CVE-2015-3258 https://bugzilla.suse.com/921753 SUSE Bug 921753 https://bugzilla.suse.com/936281 SUSE Bug 936281 https://bugzilla.suse.com/937018 SUSE Bug 937018 Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. CVE-2015-3279 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-3279.html CVE-2015-3279 https://bugzilla.suse.com/921753 SUSE Bug 921753 https://bugzilla.suse.com/936281 SUSE Bug 936281 https://bugzilla.suse.com/937018 SUSE Bug 937018 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. CVE-2015-8327 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8327.html CVE-2015-8327 https://bugzilla.suse.com/1027197 SUSE Bug 1027197 https://bugzilla.suse.com/957531 SUSE Bug 957531 Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. CVE-2015-8560 openSUSE Tumbleweed:cups-filters-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-cups-browsed-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-devel-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-foomatic-rip-1.8.2-1.11 openSUSE Tumbleweed:cups-filters-ghostscript-1.8.2-1.11 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2015-8560.html CVE-2015-8560 https://bugzilla.suse.com/1027197 SUSE Bug 1027197 https://bugzilla.suse.com/957531 SUSE Bug 957531