commit a2ps for openSUSE:Factory
Hello community, here is the log from the commit of package a2ps for openSUSE:Factory checked in at 2015-11-26 17:03:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/a2ps (Old) and /work/SRC/openSUSE:Factory/.a2ps.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "a2ps" Changes: -------- --- /work/SRC/openSUSE:Factory/a2ps/a2ps.changes 2015-05-25 11:15:07.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.a2ps.new/a2ps.changes 2015-11-26 17:03:53.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Nov 16 15:05:43 UTC 2015 - werner@suse.de + +- Add patch a2ps-4.14-bnc955194.patch to fix format string + vulnerability (bnc#955194) + +------------------------------------------------------------------- New: ---- a2ps-4.14-bnc955194.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ a2ps.spec ++++++ --- /var/tmp/diff_new_pack.rq16x4/_old 2015-11-26 17:03:55.000000000 +0100 +++ /var/tmp/diff_new_pack.rq16x4/_new 2015-11-26 17:03:55.000000000 +0100 @@ -44,6 +44,8 @@ # PATCH-FIX-USTREAM Bug 871097 - CVE-2014-0466: a2ps: fixps does not use -dSAFER Patch14: CVE-2014-0466.diff Patch15: a2ps-4.14-gperf.patch +# PATCH-FIX-SUSE Bug 955194 - CVE-2015-8107: CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability +Patch16: a2ps-4.14-bnc955194.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: emacs-nox @@ -120,6 +122,7 @@ %patch13 -p1 %patch14 -p1 %patch15 -p1 +%patch16 -p0 %patch0 -b .p0 cp -f %{SOURCE3} po/ko.po find -type f | grep -vE '(parseppd|parsessh).y' | xargs \ ++++++ a2ps-4.14-bnc955194.patch ++++++
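Review bot: the a2ps.changes entry names only bnc#955194, while the spec comment added in the same submission ties this patch to CVE-2015-8107; carry the CVE id in the changelog as well, e.g. `- Add patch a2ps-4.14-bnc955194.patch to fix format string vulnerability (bnc#955194, CVE-2015-8107)`, so the fix can be found by CVE number.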
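Review bot: in the `@@ -44,6 +44,8 @@` hunk the new Patch16 comment repeats the identifier ("CVE-2015-8107: CVE-2015-8107 - ..."); suggest `# PATCH-FIX-SUSE bnc#955194 CVE-2015-8107 - a2ps 4.14 format string vulnerability`, which matches the `Bug NNN - CVE-...: description` shape of the Patch14 comment just above it.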
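Review bot: in the `@@ -120,6 +122,7 @@` hunk, `%patch16 -p0` breaks from the `-p1` used for %patch13 through %patch15. It is correct for this patch, whose headers are bare `--- lib/output.c` / `+++ lib/output.c` with no a/ b/ prefix, but either a short comment beside the line or regenerating the patch with a/ b/ prefixes would keep the series uniform and avoid a future edit turning it into a build failure.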
From seclists.org/oss-sec/2015/q4/284 CVE-2015-8107 - a2ps(gnu) v4.14 format string vulnerability
Be aware that if compiled with -D_FORTIFY_SOURCE=2 the a2ps does abort with a2ps --prologue=exploit /etc/hosts -o /dev/null *** %n in writable segment detected *** Abort Also the exploit has to be installed as a pro file in the appropriate system paths or $HOME/.a2ps of the attacked user. --- lib/output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- lib/output.c +++ lib/output.c 2015-11-16 15:01:23.414079544 +0000 @@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j expand_user_string (job, FIRST_FILE (job), (const uchar *) "Expand: requirement", (const uchar *) token)); - output (dest, expansion); + output (dest, "%s", expansion); continue; }
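Review bot: the change is the right fix in kind, since `expansion` (derived from a user-installable prologue file) moves out of the format position and behind a literal "%s", so its contents are copied rather than parsed. Two follow-ups for the same file: check the remaining callers of output() in lib/output.c for any other computed string passed as the format argument, and build with `-Wformat -Werror=format-security` so the compiler rejects any non-literal format string instead of relying on the _FORTIFY_SOURCE=2 runtime abort described in the header.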
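The following C program is an added example, not code from a2ps or from the patch above. It reproduces the two call shapes the hunk contrasts with a hypothetical printf-style sink `emit()` standing in for a2ps's output(): `render_as_format()` passes the caller-controlled string as the format (the vulnerable pattern), `render_as_arg()` passes it behind a literal "%s" (the patched pattern), and `has_format_directive()` is a simple pre-check a defender can run on prologue-derived text. The sample string is constructed; only the well-defined "%%" conversion is exercised so the program stays defined, while the difference in interpretation is still visible. The `format` attribute on `emit()` is what lets `-Wformat-security` flag the vulnerable call at compile time.

```c
/* Added example (not from a2ps or the patch above). emit, render_as_format,
 * render_as_arg and has_format_directive are hypothetical names; the real
 * a2ps function is output(). */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style sink, like a2ps's output(). The format attribute
 * tells GCC/Clang which argument is the format, so -Wformat-security can warn
 * when a non-literal string is passed there with no further arguments. */
static void emit(char *buf, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static void emit(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern (the '-' line of the hunk): the expansion *is* the
 * format string, so every '%' conversion in it is interpreted. Here it is
 * only fed "%%", a conversion that needs no argument, to show that parsing
 * happens at all; with "%n" this is the case _FORTIFY_SOURCE=2 aborts on. */
const char *render_as_format(const char *expansion)
{
    static char buf[128];
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
    emit(buf, sizeof buf, expansion);   /* the compiler would warn here */
#pragma GCC diagnostic pop
    return buf;
}

/* Patched pattern (the '+' line of the hunk): the expansion is an argument
 * behind a literal "%s", so it is copied verbatim and never parsed. */
const char *render_as_arg(const char *expansion)
{
    static char buf[128];
    emit(buf, sizeof buf, "%s", expansion);
    return buf;
}

/* Defensive pre-check: a '%' not followed by another '%' starts a conversion
 * specifier, so such text must never reach a format position. Returns 1 if a
 * directive is present, 0 otherwise. */
int has_format_directive(const char *s)
{
    for (const char *p = strchr(s, '%'); p != NULL; p = strchr(p, '%')) {
        if (p[1] != '%')
            return 1;
        p += 2;             /* skip the escaped "%%" pair */
    }
    return 0;
}

int main(void)
{
    const char *constructed = "Coverage: 50%% done";   /* constructed sample */
    printf("as format: %s\n", render_as_format(constructed));  /* 50% done  */
    printf("as arg:    %s\n", render_as_arg(constructed));     /* 50%% done */
    printf("\"count %%n\" has directive: %d\n", has_format_directive("count %n"));
    return 0;
}
```

Compiling the block with `-Wformat -Wformat-security` (and removing the pragma pair) reproduces the compile-time warning that would have caught the original a2ps call; the patched `render_as_arg()` produces no warning.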
participants (1)
-
root@hilbert.suse.de