DSA-2892-1 a2ps -- a2psID: oval:org.secpod.oval:def:601244 | Date: (C)2014-07-25 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in a2ps, an "Anything to PostScript" converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2001-1593 The spy_user function which is called when a2ps is invoked with the --debug flag insecurely used temporary files. CVE-2014-0466 Brian M. Carlson reported that a2ps"s fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps.
Platform: |
Debian 7.0 |
Debian 6.0 |