Описание
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:4.14-1.3 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1:4.14-1.3]] |
| lucid | ignored | end of life |
| precise | released | 1:4.14-1.1+deb7u1build0.12.04.1 |
| quantal | ignored | end of life |
| saucy | ignored | end of life |
| trusty | not-affected | 1:4.14-1.3 |
| trusty/esm | DNE | trusty was not-affected [1:4.14-1.3] |
| upstream | released | 1:4.14-1.3 |
| utopic | not-affected | 1:4.14-1.3 |
Показывать по
Ссылки на источники
6.8 Medium
CVSS2
Связанные уязвимости
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
The fixps script in a2ps 4.14 does not use the -dSAFER option when exe ...
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScript file.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
6.8 Medium
CVSS2