Abcm2ps upstream has released the latest v5.9.13 version, fixing "yet more multiple unspecified vulnerabilities":
[1] http://moinejf.free.fr/abcm2ps-5.txt
Current versions of the abcm2ps package, present in Fedora releases 11, 12, and 13, are v5.9.5 based (and potentially vulnerable). Please rebase to the new version to overcome these.

Created abcm2ps tracking bugs for this issue
Affects: fedora-all [bug 663809]

The CVE identifier of CVE-2010-4744 has been assigned to the following vulnerability:
Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4744
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014
[3] http://moinejf.free.fr/abcm2ps-5.txt
[4] http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html
[5] http://secunia.com/advisories/43338
[6] http://www.vupen.com/english/advisories/2011/0390

The CVE identifier of CVE-2010-4743 has been assigned to the following vulnerability:
Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information.
References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014
[2] http://moinejf.free.fr/abcm2ps-5.txt
[3] http://secunia.com/advisories/40033
[4] http://secunia.com/advisories/43338
[5] http://www.vupen.com/english/advisories/2011/0390