-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200306-08
--------------------------------------------------------------------
PACKAGE : ghostscript
SUMMARY : insecure temporary file
DATE : 2003-06-14 19:29 UTC
EXPLOIT : local
VERSIONS AFFECTED : =ghostscript-7.05.6-r2
CVE : CAN-2003-0354
--------------------------------------------------------------------
ps2epsi uses an insecurely created file to execute ghostscript. This
could result in overwritten files for the user who is invoking ps2epsi.
SOLUTION
It is recommended that all Gentoo Linux users who are running
app-text/ghostscript upgrade to ghostscript-7.05.6-r2 as follows
emerge sync
emerge ghostscript
emerge clean
--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+63eIfT7nyhUpoZMRApqAAJ9nzy4hgVecAKYa8ebvjLUGM4n+1QCgibhn
v6on/g+BAP187BrEoC7D/DE=
=zvyQ
-----END PGP SIGNATURE-----
|