| ||||||||||||||||
Ubuntu alert USN-3-1 (ghostscript)
=========================================================== Ubuntu Security Notice USN-3-1 October 27, 2004 GhostScript utility script vulnerabilities CAN-2004-0967 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: gs-common The problem can be corrected by upgrading the affected package to version 0.3.6ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Recently, Trustix Secure Linux discovered some vulnerabilities in the gs-common package. The utilities "pv.sh" and "ps2epsi" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/g... Size/MD5: 589 3506426ff7ecd78fea5e254dbf694b35 http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/g... Size/MD5: 31596 060a50ce728aedeb61d6b17be30d2e5d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/g... Size/MD5: 45434 8ca2afdfe91cd67777f44f767489a705 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-... (Log in to post comments)
|
||||||||||||||||