FS#38799 - [a2ps] security patch for CVE-2001-1593
Attached to Project:
Arch Linux
Opened by RbN (RbN) - Wednesday, 05 February 2014, 15:04 GMT
Last edited by Eric Belanger (Snowman) - Wednesday, 05 February 2014, 16:44 GMT
Opened by RbN (RbN) - Wednesday, 05 February 2014, 15:04 GMT
Last edited by Eric Belanger (Snowman) - Wednesday, 05 February 2014, 16:44 GMT
|
Details
Description (from redhat Bugzilla[0]):
"Jakub Wilk found that a2ps, a tool to convert text and other types of files to PostScript, insecurely used a temporary file in spy_user(). A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running a2ps." CVE [1] Resolution: fedora patch [2] Ressources: [0] https://bugzilla.redhat.com/show_bug.cgi?id=1060630 [1] http://openwall.com/lists/oss-security/2014/02/05/5 [2] http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch |
This task depends upon
Closed by Eric Belanger (Snowman)
Wednesday, 05 February 2014, 16:44 GMT
Reason for closing: Fixed
Additional comments about closing: a2ps-4.14-6
Wednesday, 05 February 2014, 16:44 GMT
Reason for closing: Fixed
Additional comments about closing: a2ps-4.14-6