OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
Module: openpkg-web                      Date:   17-Jan-2005 13:37:27
Branch: HEAD                             Handle: 2005011712372700
Modified files:
openpkg-web/security OpenPKG-SA-2005.003-a2ps.txt
Log:
release OpenPKG Security Advisory 2005.003 (a2ps)
Summary:
Revision  Changes  Path
1.3       +18 -9   openpkg-web/security/OpenPKG-SA-2005.003-a2ps.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2005.003-a2ps.txt
============================================================================
$ cvs diff -u -r1.2 -r1.3 OpenPKG-SA-2005.003-a2ps.txt
--- openpkg-web/security/OpenPKG-SA-2005.003-a2ps.txt 17 Jan 2005 12:22:08
-0000 1.2
+++ openpkg-web/security/OpenPKG-SA-2005.003-a2ps.txt 17 Jan 2005 12:37:27
-0000 1.3
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
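Review bot: The added armor header "Hash: SHA1" at the top of the file ties the cleartext signature to a SHA-1 digest; if the signing key and tooling allow it, sign with a SHA-2 digest instead. Because the signed form is now what is stored in the repository, any later edit to the advisory text invalidates the signature, so every future revision of this file has to be re-signed before commit.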
@@ -18,15 +21,14 @@
Dependent Packages: none
Description:
- Rudolf Polzer [0] discovered a vulnerability in a2ps [1], a converter and
- pretty-printer for many formats to PostScript. The program does not
- escape shell meta characters properly which could lead to the execution
- of arbitrary commands as a privileged user if a2ps is installed as a
- printer filter.
- a2ps allows remote attackers to execute arbitrary commands via shell
- metacharacters in the filename. The Common Vulnerabilities and
- Exposures (CVE) project assigned the identifier CAN-2004-1170 [2] to
- the problem.
+ Rudolf Polzer discovered [0] a vulnerability in GNU a2ps [1], a
+ converter and pretty-printer for many formats to PostScript. The
+ program does not escape shell meta characters properly which could
+ lead to the execution of arbitrary commands as a privileged user if
+ a2ps is installed as a printer filter. a2ps allows remote attackers to
+ execute arbitrary commands via shell metacharacters in the filename.
+ The Common Vulnerabilities and Exposures (CVE) project assigned the
+ identifier CAN-2004-1170 [2] to the problem.
Please check whether you are affected by running "<prefix>/bin/openpkg
rpm -q a2ps". If you have the "a2ps" package installed and its version
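Review bot: The rewrapped Description paragraph spells the same term two ways, "shell meta characters" in its second sentence and "shell metacharacters" in its third; pick one. The third sentence ("a2ps allows remote attackers to execute arbitrary commands ... in the filename") largely restates the second, so consider merging them into one statement that names both the filename vector and the printer-filter condition. The only wording changes here are the moved "[0]" and the added "GNU"; reflowing the whole paragraph in the same commit buries them, so a separate rewrap commit would make the advisory's history easier to audit.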
@@ -73,3 +75,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFB67F5gHWT4GPEy58RAiuUAKCaVwm6qztuFo7Gx7aZP6ZrITKjgQCfdGrL
+ZrkstKQlbfIuKDISsjhjYHE=
+=+cr1
+-----END PGP SIGNATURE-----
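Review bot: The "Comment:" armor header in the added signature block is not covered by the signature, so the name and address it carries authenticate nothing and can be altered without the signature failing. Drop it, or make sure the verification instructions referenced in the context line above ("for details on how to verify the integrity of this advisory") direct readers to check the signing key itself rather than this header.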
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [email protected]