ELA-155-1 cups security update

fix for buffer overflow

2019-08-24
Packagecups
Version1.5.3-5+deb7u10
Related CVE CVE-2019-8675 CVE-2019-8696

Two issues have been found in cups, the Common UNIX Printing System™.

Basically both CVEs (CVE-2019-8675 and CVE-2019-8696) are about stack-buffer-overflow in two functions of libcup. One happens in asn1_get_type() the other one in asn1_get_packed().

For Debian 7 Wheezy, these problems have been fixed in version 1.5.3-5+deb7u10.

We recommend that you upgrade your cups packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/