First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 101842
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Jimi A. <folajimi@speakeasy.net>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 101842 depends on: 104006 Show dependency tree
Bug 101842 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-08-09 04:47 0000 
Javier Fernandez-Sanguino Pena has reported a vulnerability in Inkscape, which
can be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.

The vulnerability is caused due to the temporary file "/tmp/tmpepsifile.epsi"
being created insecurely by ps2epsi.sh. This can be exploited via symlink
attacks to create or overwrite arbitrary files with the privileges of the user
running the affected application.

The vulnerability has been reported in version 0.41. Prior versions may also be
affected.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.




Solution:
This vulnerability has been fixed in version 0.42.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-08-09 13:34:19 0000 ------- 
0.42 is in the tree, but still masked.

graphics herd: what were your plans for this ? If you pefer to keep it masked
for a long time, maybe you could backport the patch in 0.41 ?

------- Comment #2 From Karol Wojtaszek (RETIRED) 2005-08-09 13:37:32 0000 ------- 
Inkscape-0.42 has many bugs. Upstream is still preparing patches, which will
fix
them. Should be available in this week. I'll add them as soon as possible.

------- Comment #3 From Thierry Carrez (RETIRED) 2005-08-10 00:38:41 0000 ------- 
OK, setting status to wait for upstream.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-08-29 07:20:06 0000 ------- 
Inkscape 0.42.2 Released, August 26, 2005

------- Comment #5 From Karol Wojtaszek (RETIRED) 2005-08-29 12:23:52 0000 ------- 
It's in portage now.

------- Comment #6 From Sune Kloppenborg Jeppesen 2005-08-29 22:19:00 0000 ------- 
Arches please test and mark stale.

------- Comment #7 From Karol Wojtaszek (RETIRED) 2005-08-30 00:18:02 0000 ------- 
x86 done

------- Comment #8 From postmodern 2005-08-30 01:36:44 0000 ------- 
Stable on amd64

------- Comment #9 From Simon Stelling (RETIRED) 2005-08-30 02:29:02 0000 ------- 
amd64 marked stable, thanks for testing :)

------- Comment #10 From Gustavo Zacarias (RETIRED) 2005-08-30 06:01:59 0000 ------- 
sparc stable.

------- Comment #11 From Markus Rothe 2005-08-30 09:27:11 0000 ------- 
stable on ppc64

------- Comment #12 From Michael Hanselmann (hansmi) (RETIRED) 2005-08-30 10:48:54 0000 ------- 
Stable on ppc.

------- Comment #13 From Thierry Carrez (RETIRED) 2005-08-30 11:40:03 0000 ------- 
Ready for GLSA vote.
I tend to vote NO as this is a quite unused script...

------- Comment #14 From Sune Kloppenborg Jeppesen 2005-08-30 12:17:19 0000 ------- 
I tend to vote NO as well.

------- Comment #15 From Tavis Ormandy (RETIRED) 2005-08-30 12:27:12 0000 ------- 
agree with Koon+jaervosz, vote NO.

------- Comment #16 From Sune Kloppenborg Jeppesen 2005-08-30 12:30:30 0000 ------- 
Closing without GLSA, feel free to reopen if you disagree.

------- Comment #17 From Thierry Carrez (RETIRED) 2005-08-31 00:30:44 0000 ------- 
and.... closing.
First Last Prev Next    No search results available      Search page      Enter new bug