Package name
a2ps
Date
2014-04-10
Advisory ID
MDVSA-2014:076
Affected versions
MBS1 x86_64

Problem description

Updated a2ps packages fix security vulnerability:

Brian M. Carlson reported that a2ps's fixps script does not invoke gs
with the -dSAFER option. Consequently executing fixps on a malicious
PostScript file could result in files being deleted or arbitrary
commands being executed with the privileges of the user running fixps
(CVE-2014-0466).

Updated packages

MBS1 x86_64

 0f667f19c4473c76c7f0bb883b018686  mbs1/x86_64/a2ps-4.14-13.1.mbs1.x86_64.rpm
 84621cd5370ef5f670042b56e752f3a6  mbs1/x86_64/a2ps-devel-4.14-13.1.mbs1.x86_64.rpm
 8cb69125b529ae6be772e21cc24aad6c  mbs1/x86_64/a2ps-static-devel-4.14-13.1.mbs1.x86_64.rpm 
 f46a477d2bfcb3fe38349c8256b9f25e  mbs1/SRPMS/a2ps-4.14-13.1.mbs1.src.rpm

References