Updated a2ps packages fix CVE-2014-0466
Publication date: 04 Apr 2014Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0466
Description
Updated a2ps packages fix security vulnerability: Brian M. Carlson reported that a2ps's fixps script does not invoke gs with the -dSAFER option. Consequently executing fixps on a malicious PostScript file could result in files being deleted or arbitrary commands being executed with the privileges of the user running fixps (CVE-2014-0466).
References
SRPMS
3/core
- a2ps-4.14-12.2.mga3
4/core
- a2ps-4.14-13.1.mga4