Advisories ยป MGASA-2014-0161

Updated a2ps packages fix CVE-2014-0466

Publication date: 04 Apr 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0466

Description

Updated a2ps packages fix security vulnerability:

Brian M. Carlson reported that a2ps's fixps script does not invoke gs with
the -dSAFER option. Consequently executing fixps on a malicious PostScript
file could result in files being deleted or arbitrary commands being
executed with the privileges of the user running fixps (CVE-2014-0466).
                

References

SRPMS

3/core

4/core