This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201701-67">
<title>a2ps: Arbitrary code execution</title>
<synopsis>A vulnerability in a2ps' fixps script might allow remote attackers
to execute arbitrary code.
</synopsis>
<producttype="ebuild">a2ps</product>
<announced>2017-01-29</announced>
<revisedcount="1">2017-01-29</revised>
<bug>506352</bug>
<access>remote</access>
<affected>
<packagename="app-text/a2ps"auto="yes"arch="*">
<unaffectedrange="ge">4.14-r5</unaffected>
<vulnerablerange="lt">4.14-r5</vulnerable>
</package>
</affected>
<background>
<p>a2ps is an Any to PostScript filter.</p>
</background>
<description>
<p>a2ps’ fixps script does not invoke gs with the -dSAFER option.</p>
</description>
<impacttype="normal">
<p>Remote attackers, by enticing a user to process a specially crafted
PostScript file, could delete arbitrary files or execute arbitrary code
with the privileges of the process.
</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All a2ps users should upgrade to the latest version:</p>