FS#38799 - [a2ps] security patch for CVE-2001-1593

Attached to Project: Arch Linux
Opened by RbN (RbN) - Wednesday, 05 February 2014, 15:04 GMT
Last edited by Eric Belanger (Snowman) - Wednesday, 05 February 2014, 16:44 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Eric Belanger (Snowman)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description (from Red Hat Bugzilla [0]):
"Jakub Wilk found that a2ps, a tool to convert text and other types of files to PostScript, insecurely used a temporary file in spy_user(). A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running a2ps."

CVE [1]

Resolution:
fedora patch [2]

Resources:
[0] https://bugzilla.redhat.com/show_bug.cgi?id=1060630
[1] http://openwall.com/lists/oss-security/2014/02/05/5
[2] http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch

Closed by: Eric Belanger (Snowman)
Wednesday, 05 February 2014, 16:44 GMT
Reason for closing: Fixed
Additional comments about closing: a2ps-4.14-6