Login
Newsletter
Werbung

Sicherheit: Ungewollte Kommandoausführung in ghostscript
Aktuelle Meldungen Distributionen
Name: Ungewollte Kommandoausführung in ghostscript
ID: 200306-08
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: So, 15. Juni 2003, 13:00
Referenzen: Keine Angabe
Applikationen: AFPL Ghostscript

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-08
--------------------------------------------------------------------

          PACKAGE : ghostscript
          SUMMARY : insecure temporary file
             DATE : 2003-06-14 19:29 UTC
          EXPLOIT : local
VERSIONS AFFECTED : <ghostscript-7.05.6-r2
    FIXED VERSION : >=ghostscript-7.05.6-r2
              CVE : CAN-2003-0354

--------------------------------------------------------------------

ps2epsi uses an insecurely created file to execute ghostscript. This
could result in overwritten files for the user who is invoking ps2epsi.

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-text/ghostscript upgrade to ghostscript-7.05.6-r2 as follows

emerge sync
emerge ghostscript
emerge clean

--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+63eIfT7nyhUpoZMRApqAAJ9nzy4hgVecAKYa8ebvjLUGM4n+1QCgibhn
v6on/g+BAP187BrEoC7D/DE=
=zvyQ
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung