Debian Security Advisory

DSA-192-1 html2ps -- arbitrary code execution

Date Reported:
08 Nov 2002
Affected Packages:
html2ps
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 6079.
In Mitre's CVE dictionary: CVE-2002-1275.
More information:

The SuSE Security Team found a vulnerability in html2ps, an HTML to PostScript converter, that opened files based on unsanitized input insecurely. This problem can be exploited when html2ps is installed as filter within lprng and the attacker has previously gained access to the lp account.

These problems have been fixed in version 1.0b3-1.1 for the current stable distribution (woody), in version 1.0b1-8.1 for the old stable distribution (potato) and in version 1.0b3-2 for the unstable distribution (sid).

We recommend that you upgrade your html2ps package.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b1-8.2.dsc
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b1-8.2.diff.gz
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b1.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b1-8.2_all.deb

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3-1.2.dsc
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3-1.2.diff.gz
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/h/html2ps/html2ps_1.0b3-1.2_all.deb

MD5 checksums of the listed files are available in the original advisory.

MD5 checksums of the listed files are available in the revised advisory.