OPENSUSE-SU-2024:10086-1 a2ps-4.14-6.6 on GA media

These are all security issues fixed in the a2ps-4.14-6.6 package on the GA media of openSUSE Tumbleweed...

Format string

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code...

CVE-2015-8107

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code...

CVE-2015-8107

Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code...

Fedora 20 : a2ps-4.14-23.fc20 (2014-4691)

This update fixes a security problem in the fixps utility CVE-2014-0466. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVE-2001-1593

The tempnameensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spyuser function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file...

CVE-2001-1593

CVE-2001-1593 affects the a2ps package (versions 4.14 and earlier). The vulnerability is in the tempname_ensure function (lib/routines.h), used by the spy_user function, allowing local users to modify arbitrary files via a symlink attack on a temporary file. Impact is local file modification with...

CVE-2001-1593

The tempnameensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spyuser function and possibly other functions, allows local users to modify arbitrary files via a symlink attack on a temporary file...

CVE-2014-0466

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...

CVE-2014-0466

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...

Design/Logic Flaw

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...

CVE-2014-0466

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...

CVE-2014-0466

CVE-2014-0466 affects the a2ps package. The underlying issue is in the fixps script: it does not invoke Ghostscript with the -dSAFER option, enabling a crafted PostScript file to trigger arbitrary commands or delete files. Documented impact across multiple distros states remote attackers could ex...

CVE-2014-0466

The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file...