Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 19466

Summary: app-text/ghostscript
Product: Gentoo Linux Reporter: Daniel Ahlberg (RETIRED) <aliz>
Component: New packagesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: critical    
Priority: Highest    
Version: 1.0   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Daniel Ahlberg (RETIRED) gentoo-dev 2003-04-17 05:30:32 UTC 
[SECURITY] [DSA 286-1] New gs-common packages fix insecure temporary file creation 
 
From:  
joey@infodrom.org (Martin Schulze) 
 
 
To:  
debian-security-announce@lists.debian.org (Debian Security Announcements) 
 
 
Date:  
Monday 16.35.27 
 
 
 
Message was signed by Martin Schulze (Key ID: 0x801EA932). 
The signature is valid, but the key is untrusted. 
 
 
-------------------------------------------------------------------------- 
Debian Security Advisory DSA 286-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze 
April 14th, 2003                        http://www.debian.org/security/faq 
-------------------------------------------------------------------------- 
 
Package        : gs-common 
Vulnerability  : insecure temporary file 
Problem-Type   : local 
Debian-specific: no 
 
Paul Szabo discovered insecure creation of a temporary file in 
ps2epsi, a script that is distributed as part of gs-common which 
contains common files for different Ghostscript releases.  ps2epsiuses 
a temporary file in the process of invoking ghostscript.  This file 
was created in an insecure fashion, which could allow a local attacker 
to overwrite files owned by a user who invokes ps2epsi. 
 
For the stable distribution (woody) this problem has been fixed in 
version 0.3.3.0woody1. 
 
The old stable distribution (potato) is not affected by this problem. 
 
For the unstable distribution (sid) these problems have been fixed in 
version 0.3.3.1. 
 
We recommend that you upgrade your gs-common package. 
 
 
Upgrade Instructions 
-------------------- 
 
wget url 
        will fetch the file for you 
dpkg -i file.deb 
        will install the referenced file. 
 
If you are using the apt-get package manager, use the line for 
sources.list as given below: 
 
apt-get update 
        will update the internal database 
apt-get upgrade 
        will install corrected packages 
 
You may use an automated update by adding the resources from the 
footer to the proper configuration. 
 
 
Debian GNU/Linux 3.0 alias woody 
-------------------------------- 
 
  Source archives: 
 
    http://security.debian.org/pool/updates/main/g/gs-common/gs-common_0.3.3.0woody1.dsc 
      Size/MD5 checksum:      522 16e9ffda57fcdb6c48e977e499fd8671 
    http://security.debian.org/pool/updates/main/g/gs-common/gs-common_0.3.3.0woody1.tar.gz 
      Size/MD5 checksum:    16202 9588ecfa64ccffdc50df77cdf282edc0 
 
  Architecture independent components: 
 
    http://security.debian.org/pool/updates/main/g/gs-common/gs-common_0.3.3.0woody1_all.deb 
      Size/MD5 checksum:    23008 77cc8798e636d26f6fa3a9913afc1de4 
 
 
  These files will probably be moved into the stable distribution on 
  its next revision. 
 
--------------------------------------------------------------------------------- 
For apt-get: deb http://security.debian.org/ stable/updates main 
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main 
Mailing list: debian-security-announce@lists.debian.org 
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> 
 
 
 
End of signed message 
 
--  
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Comment 1 Daniel Ahlberg (RETIRED) gentoo-dev 2003-06-14 12:44:46 UTC 

*** This bug has been marked as a duplicate of 22254 ***