LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

foomatic: insecure temporary files

Package(s):foomatic CVE #(s):CVE-2011-2924 CVE-2011-2923
Created:September 26, 2011 Updated:September 27, 2011
Description: From the Red Hat bugzilla

It was found that foomatic-rip filter used insecurely created temporary file for storage of PostScript data by rendering the data, intended to be sent to the PostScript filter, when the debug mode was enabled. A local attacker could use this flaw to conduct symlink attacks (overwrite arbitrary file accessible with the privileges of the user running the foomatic-rip universal print filter).

Alerts:
Fedora FEDORA-2011-11205 2011-08-19
Fedora FEDORA-2011-11196 2011-08-19
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds