Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: ghostscript (200306-08)
Date: Sat, 14 Jun 2003 19:33:50
Message-Id: 20030614192913.D18CC3378F@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200306-08
6 - - - ---------------------------------------------------------------------
7
8           PACKAGE : ghostscript
9           SUMMARY : insecure temporary file
10              DATE : 2003-06-14 19:29 UTC
11           EXPLOIT : local
12 VERSIONS AFFECTED : <ghostscript-7.05.6-r2
13     FIXED VERSION : >=ghostscript-7.05.6-r2
14               CVE : CAN-2003-0354
15
16 - - - ---------------------------------------------------------------------
17
18 ps2epsi uses an insecurely created file to execute ghostscript. This
19 could result in overwritten files for the user who is invoking ps2epsi.
20
21 SOLUTION
22
23 It is recommended that all Gentoo Linux users who are running
24 app-text/ghostscript upgrade to ghostscript-7.05.6-r2 as follows
25
26 emerge sync
27 emerge ghostscript
28 emerge clean
29
30 - - - ---------------------------------------------------------------------
31 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
32 - - - ---------------------------------------------------------------------
33 -----BEGIN PGP SIGNATURE-----
34 Version: GnuPG v1.2.2 (GNU/Linux)
35
36 iD8DBQE+63eIfT7nyhUpoZMRApqAAJ9nzy4hgVecAKYa8ebvjLUGM4n+1QCgibhn
37 v6on/g+BAP187BrEoC7D/DE=
38 =zvyQ
39 -----END PGP SIGNATURE-----