Linux Security

    ArchLinux: 202005-4: a2ps: multiple issues

    Arch Linux Security Advisory ASA-202005-4
    =========================================
    
    Severity: High
    Date    : 2020-05-06
    CVE-ID  : CVE-2014-0466 CVE-2015-8107
    Package : a2ps
    Type    : multiple issues
    Remote  : No
    Link    : https://security.archlinux.org/AVG-1150
    
    Summary
    =======
    
    The package a2ps before version 4.14-9 is vulnerable to multiple issues
    including arbitrary command execution and arbitrary code execution.
    
    Resolution
    ==========
    
    Upgrade to 4.14-9.
    
    # pacman -Syu "a2ps>=4.14-9"
    
    The problems have been fixed upstream but no release is available yet.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2014-0466 (arbitrary command execution)
    
    The fixps script in a2ps 4.14 does not use the -dSAFER option when
    executing gs, which allows context-dependent attackers to delete
    arbitrary files or execute arbitrary commands via a crafted PostScript
    file.
    
    - CVE-2015-8107 (arbitrary code execution)
    
    A format string vulnerability in GNU a2ps 4.14 allows remote attackers
    to execute arbitrary code.
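
A defender-side check for the CVE-2014-0466 pattern described above, added here as an example and not taken from the advisory or from a2ps: it lists `gs` invocations in a shell script that do not pass `-dSAFER`. The function names and the sample wrapper script are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Ghostscript invocations that lack -dSAFER.

# find_unsafe_gs FILE: prints "LINE: command" for every gs call without -dSAFER.
find_unsafe_gs() {
    awk '
    # gs or ghostscript as a command word, optionally with a path prefix.
    BEGIN { pat = "(^|[ \t;|&(`/])(gs|ghostscript)([ \t]|$)" }
    {
        if (buf == "") start = NR            # first line of a logical command
        line = $0
        if (line ~ /\\$/) {                  # join backslash-continued lines
            sub(/\\$/, " ", line); buf = buf line; next
        }
        cmd = buf line; buf = ""
        if (cmd ~ /^[ \t]*#/) next           # ignore comment lines
        if (cmd ~ pat && index(cmd, "-dSAFER") == 0) {
            gsub(/[ \t]+/, " ", cmd); sub(/^ /, "", cmd)
            print start ": " cmd
        }
    }' "$1"
}

# Constructed sample wrapper script (not the real fixps source).
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# gs -q mentioned in a comment must be ignored
gs -q -dNOPAUSE -dBATCH -sDEVICE=ps2write -sOutputFile="$out" "$in"
gs -q -dSAFER -dNOPAUSE -dBATCH -sDEVICE=ps2write -sOutputFile="$out" "$in"
/usr/bin/gs -q -dNOPAUSE \
    -dBATCH -sDEVICE=bbox "$in"
echo "logs rotated"
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_unsafe_gs "$sample"    # reports lines 3 and 5 of the sample
rm -f "$sample"
```

Ghostscript 9.50 and later enable SAFER by default, so a hit matters most on systems that still ship an older `gs`.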
    
    Impact
    ======
    
    A remote attacker can send crafted PostScript files which can execute
    arbitrary commands or delete files from the system.
    
    References
    ==========
    
    https://github.com/akimd/a2ps/commit/5ea5ff8bc0094ca1eda0dd0e011d860e994c0a88
    https://github.com/akimd/a2ps/commit/90b876cb480ca9e092490c825663f23909c6173c
    https://security.archlinux.org/CVE-2014-0466
    https://security.archlinux.org/CVE-2015-8107
    
