CVE-2001-1593
Published: 5 April 2014
Jakub Wilk found that a2ps, a tool to convert text and other types of files to PostScript, insecurely used a temporary file in spy_user(). A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running a2ps.
Priority
Status
Package | Release | Status |
---|---|---|
a2ps Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
lucid |
Ignored
(end of life)
|
|
precise |
Released
(1:4.14-1.1+deb7u1build0.12.04.1)
|
|
trusty |
Does not exist
(trusty was not-affected [1:4.14-1.2])
|
|
utopic |
Not vulnerable
(1:4.14-1.2)
|
|
vivid |
Not vulnerable
(1:4.14-1.2)
|
|
Patches: fedora: http://pkgs.fedoraproject.org/cgit/a2ps.git/plain/a2ps-4.13-security.patch |