drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ungewollte Kommandoausführung in ghostscript
Name: |
Ungewollte Kommandoausführung in ghostscript
|
|
ID: |
200306-08 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
So, 15. Juni 2003, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
AFPL Ghostscript |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200306-08 --------------------------------------------------------------------
PACKAGE : ghostscript SUMMARY : insecure temporary file DATE : 2003-06-14 19:29 UTC EXPLOIT : local VERSIONS AFFECTED : <ghostscript-7.05.6-r2 FIXED VERSION : >=ghostscript-7.05.6-r2 CVE : CAN-2003-0354
--------------------------------------------------------------------
ps2epsi uses an insecurely created file to execute ghostscript. This could result in overwritten files for the user who is invoking ps2epsi.
SOLUTION
It is recommended that all Gentoo Linux users who are running app-text/ghostscript upgrade to ghostscript-7.05.6-r2 as follows
emerge sync emerge ghostscript emerge clean
-------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz -------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+63eIfT7nyhUpoZMRApqAAJ9nzy4hgVecAKYa8ebvjLUGM4n+1QCgibhn v6on/g+BAP187BrEoC7D/DE= =zvyQ -----END PGP SIGNATURE-----
|
|
|
|