[v2.4] a2ps: several vulnerabilities (CVE-2001-1593 CVE-2014-0466)
Several vulnerabilities have been found in a2ps, an ‘Anything to PostScript’ converter and pretty-printer. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2001-1593
The spy_user function which is called when a2ps is invoked with the
—debug flag insecurely used temporary files.
http://seclists.org/oss-sec/2014/q1/257
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737385
https://bugzilla.redhat.com/show\_bug.cgi?id=1060630
PATCH:
http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch
CVE-2014-0466
Brian M. Carlson reported that a2ps’s fixps script does not invoke gs
with the -dSAFER option. Consequently executing fixps on a malicious
PostScript file could result in files being deleted or arbitrary
commands being executed with the privileges of the user running fixps.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902
PATCH:
https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=12;filename=a2ps-4.14-1.3-nmu.diff;att=1;bug=742902
(from redmine: issue id 2822, created on 2014-04-03, closed on 2014-04-18)
- Relations:
- parent #2821 (closed)
- Changesets:
- Revision dc904137 by Natanael Copa on 2014-04-18T11:46:20Z:
main/a2ps: security fix for CVE-2001-1593 and CVE-2014-0466
fixes #2822
(cherry picked from commit 9544460de3b7282c473654a2a67586c6645a05c1)
Conflicts:
main/a2ps/APKBUILD