User: Password:
|
|
Subscribe / Log in / New account

Ubuntu alert USN-3-1 (ghostscript)

From:  Martin Pitt <martin.pitt@canonical.com>
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-3-1] GhostScript utility script vulnerabilities
Date:  Wed, 27 Oct 2004 02:42:05 +0200
Cc:  bugtraq@securityfocus.com, full-disclosure@lists.netsys.com

=========================================================== Ubuntu Security Notice USN-3-1 October 27, 2004 GhostScript utility script vulnerabilities CAN-2004-0967 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: gs-common The problem can be corrected by upgrading the affected package to version 0.3.6ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Recently, Trustix Secure Linux discovered some vulnerabilities in the gs-common package. The utilities "pv.sh" and "ps2epsi" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/g... Size/MD5: 589 3506426ff7ecd78fea5e254dbf694b35 http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/g... Size/MD5: 31596 060a50ce728aedeb61d6b17be30d2e5d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/g... Size/MD5: 45434 8ca2afdfe91cd67777f44f767489a705 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-...


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds