GoogleOSV:DSA-2892-1a2ps - security update
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
70.7%
Several vulnerabilities have been found in a2ps, an Anything to
PostScript converter and pretty-printer. The Common Vulnerabilities and
Exposures project identifies the following problems:
- CVE-2001-1593
The spy_user function which is called when a2ps is invoked with the
โdebug flag insecurely used temporary files. - CVE-2014-0466
Brian M. Carlson reported that a2psโs fixps script does not invoke
gs with the -dSAFER option. Consequently executing fixps on a
malicious PostScript file could result in files being deleted or
arbitrary commands being executed with the privileges of the user
running fixps.
For the oldstable distribution (squeeze), these problems have been fixed
in version 1:4.14-1.1+deb6u1.
For the stable distribution (wheezy), these problems have been fixed in
version 1:4.14-1.1+deb7u1.
For the testing distribution (jessie) and the unstable distribution
(sid), these problems will be fixed soon.
We recommend that you upgrade your a2ps packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| a2ps | eq | 1:4.14-1.1 |
References
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
70.7%