Navigation
|
|
| Problem Description |
The fixps and psmandup scripts, part of the a2ps package, are
vulnerable to symlink attacks which could allow a local attacker to
overwrite arbitrary files. The updated packages have been patched to
correct the problem.
| Updated Packages |
Mandrakelinux 10.1
938d5b703cbeb762efd5619880208497 10.1/RPMS/a2ps-4.13b-5.2.101mdk.i586.rpm e0e7a61ec86b0af969cbe60008e6830f 10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.i586.rpm fce5b28393e1c8da6e0ea1ebdb1a2de6 10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.i586.rpm 05f8fdc46bded4e920c709a781c98550 10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64
fc1fd3817e4f41ea41758a3ac53e86cd x86_64/10.1/RPMS/a2ps-4.13b-5.2.101mdk.x86_64.rpm 84541cd7d841c64ceccb89f2a413d450 x86_64/10.1/RPMS/a2ps-devel-4.13b-5.2.101mdk.x86_64.rpm acf595ef3b6f3d2a79204feec3e34208 x86_64/10.1/RPMS/a2ps-static-devel-4.13b-5.2.101mdk.x86_64.rpm 05f8fdc46bded4e920c709a781c98550 x86_64/10.1/SRPMS/a2ps-4.13b-5.2.101mdk.src.rpm
Corporate Server 2.1
65a7ea65f589533d0aca00a6a37760ff corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.i586.rpm 45c465fc3e2165e6681cccda909fb91f corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.i586.rpm 273f20da1e895043ee719b964b7d2b55 corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.i586.rpm 58e6bdd04f757728aa63089f8b4249ac corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm
Corporate Server 2.1/X86_64
d5cc8c0304f537acd89c575c7124a6c0 x86_64/corporate/2.1/RPMS/a2ps-4.13-14.2.C21mdk.x86_64.rpm ee85486832fbdf9873c3acfa8b73bafe x86_64/corporate/2.1/RPMS/a2ps-devel-4.13-14.2.C21mdk.x86_64.rpm 84c3ca054e874346bc55daeb5fea0f9f x86_64/corporate/2.1/RPMS/a2ps-static-devel-4.13-14.2.C21mdk.x86_64.rpm 58e6bdd04f757728aa63089f8b4249ac x86_64/corporate/2.1/SRPMS/a2ps-4.13-14.2.C21mdk.src.rpm
Corporate Server 3.0
859d494306ae1dca81186e2fe99b9a96 corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.i586.rpm 9bd2c39d7495f18412fcd0a1412f1169 corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.i586.rpm 68be9c1420f80da9047bf2c7f41e861c corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.i586.rpm daba71e7aa523a71040a54e841bf9300 corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm
Corporate Server 3.0/X86_64
3d2e4b184d3ff5f19d5ce48762b25c41 x86_64/corporate/3.0/RPMS/a2ps-4.13b-5.2.C30mdk.x86_64.rpm 7edb5fa8542f0a8216e2670a668aaf04 x86_64/corporate/3.0/RPMS/a2ps-devel-4.13b-5.2.C30mdk.x86_64.rpm aebaa6e7473f6fa84bd973df34ef3b96 x86_64/corporate/3.0/RPMS/a2ps-static-devel-4.13b-5.2.C30mdk.x86_64.rpm daba71e7aa523a71040a54e841bf9300 x86_64/corporate/3.0/SRPMS/a2ps-4.13b-5.2.C30mdk.src.rpm
Mandriva Linux LE2005
47722386507aa7fb8c4ddbbbbcc4a20c 10.2/RPMS/a2ps-4.13b-6.1.102mdk.i586.rpm 190e48d0b4143ac0ad911482e0b0151f 10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.i586.rpm 4d3d6cbd4ad35999c9bff1f61f890778 10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.i586.rpm 52a665ac72fec5e99b3e1412e6470063 10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm
Mandriva Linux LE2005/X86_64
37135cc64ba189c769851ba678532576 x86_64/10.2/RPMS/a2ps-4.13b-6.1.102mdk.x86_64.rpm 6f4cbd5624aac20e99703072131538c7 x86_64/10.2/RPMS/a2ps-devel-4.13b-6.1.102mdk.x86_64.rpm 4314538dcbb211c28f32abc64d9e3de8 x86_64/10.2/RPMS/a2ps-static-devel-4.13b-6.1.102mdk.x86_64.rpm 52a665ac72fec5e99b3e1412e6470063 x86_64/10.2/SRPMS/a2ps-4.13b-6.1.102mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1377
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.