SUSE-SU-2015:0465-1: moderate: Security update for cups, cups154

Wed Mar 11 04:05:08 MDT 2015

   SUSE Security Update: Security update for cups, cups154
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:0465-1
Rating:             moderate
References:         #917799 
Cross-References:   CVE-2014-9679
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Module for Legacy Software 12
                    SUSE Linux Enterprise Desktop 12
                    SUSE Linux Enterprise Build System Kit 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   cups, cups154 was updated to fix one security issue.

   This security issue was fixed:
   - CVE-2014-9679: A malformed compressed raster file can trigger a buffer
     overflow in cupsRasterReadPixels (bnc#917799).

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12:

      zypper in -t patch SUSE-SLE-SDK-12-2015-116=1

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-116=1

   - SUSE Linux Enterprise Module for Legacy Software 12:

      zypper in -t patch SUSE-SLE-Module-Legacy-12-2015-116=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-116=1

   - SUSE Linux Enterprise Build System Kit 12:

      zypper in -t patch SUSE-SLE-BSK-12-2015-116=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64):

      cups-debuginfo-1.7.5-5.1
      cups-debugsource-1.7.5-5.1
      cups-devel-1.7.5-5.1

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):

      cups-1.7.5-5.1
      cups-client-1.7.5-5.1
      cups-client-debuginfo-1.7.5-5.1
      cups-debuginfo-1.7.5-5.1
      cups-debugsource-1.7.5-5.1
      cups-libs-1.7.5-5.1
      cups-libs-debuginfo-1.7.5-5.1

   - SUSE Linux Enterprise Server 12 (s390x x86_64):

      cups-libs-32bit-1.7.5-5.1
      cups-libs-debuginfo-32bit-1.7.5-5.1

   - SUSE Linux Enterprise Module for Legacy Software 12 (ppc64le s390x x86_64):

      cups154-1.5.4-5.1
      cups154-client-1.5.4-5.1
      cups154-client-debuginfo-1.5.4-5.1
      cups154-debuginfo-1.5.4-5.1
      cups154-debugsource-1.5.4-5.1
      cups154-filters-1.5.4-5.1
      cups154-filters-debuginfo-1.5.4-5.1
      cups154-libs-1.5.4-5.1
      cups154-libs-debuginfo-1.5.4-5.1

   - SUSE Linux Enterprise Desktop 12 (x86_64):

      cups-1.7.5-5.1
      cups-client-1.7.5-5.1
      cups-client-debuginfo-1.7.5-5.1
      cups-debuginfo-1.7.5-5.1
      cups-debugsource-1.7.5-5.1
      cups-libs-1.7.5-5.1
      cups-libs-32bit-1.7.5-5.1
      cups-libs-debuginfo-1.7.5-5.1
      cups-libs-debuginfo-32bit-1.7.5-5.1

   - SUSE Linux Enterprise Build System Kit 12 (s390x x86_64):

      cups-ddk-1.7.5-5.1
      cups-ddk-debuginfo-1.7.5-5.1
      cups-debuginfo-1.7.5-5.1
      cups-debugsource-1.7.5-5.1

References:

   http://support.novell.com/security/cve/CVE-2014-9679.html
   https://bugzilla.suse.com/917799