ps2epsi from the AFPL version of GhostScript uses /tmp/ps2epsi$$ as a temporary file, without further checks. This file is later an argument to gs, although with -dSAFER specified. A malicious user could try to guess a future PID or watch for this command being started and try to be faster. It could create an appropriate file in advance, which would then be processed with the privileges of the user calling ps2epsi. At the very least he could introduce his own contents instead or additionally to the document provided by the user. I don't know if -dSAFER is safe enough to prevent worse attacks. As a solution, mktemp should be used instead.
printing please verify and provide fixed ebuilds if needed, thank you.
Ebuild fixed in -r4
ppc stable
amd64 stable
x86 done
time to vote Is it possible to force the victim to execute some code thought a .ps ? If not, i tend to vote no. By the way, severity should be lowered to "minor".
mhhh, I tend to say no here
Yes, it's a rather lame one. Voting no.
Closing, feel free to reopen if you disagree.