Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] [USN-3-1] GhostScript utility script vulnerabilities

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-Disclosure] [USN-3-1] GhostScript utility script vulnerabilities
Date: Wed, 27 Oct 2004 02:42:05 +0200 
===========================================================
Ubuntu Security Notice USN-3-1             October 27, 2004
GhostScript utility script vulnerabilities
CAN-2004-0967
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gs-common

The problem can be corrected by upgrading the affected package to
version 0.3.6ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered some vulnerabilities in the
gs-common package. The utilities "pv.sh" and "ps2epsi" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/gs-common_0.3.6ubuntu1.1.dsc
      Size/MD5:      589 3506426ff7ecd78fea5e254dbf694b35
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/gs-common_0.3.6ubuntu1.1.tar.gz
      Size/MD5:    31596 060a50ce728aedeb61d6b17be30d2e5d

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-common/gs-common_0.3.6ubuntu1.1_all.deb
      Size/MD5:    45434 8ca2afdfe91cd67777f44f767489a705

Attachment: signature.asc
Description: Digital signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] [USN-3-1] GhostScript utility script vulnerabilities, Martin Pitt <=
Previous by Date:  [Full-Disclosure] [USN-7-1] imagemagick vulnerability, Martin Pitt
Next by Date:  [Full-Disclosure] [USN-8-1] gaim vulnerabilities, Martin Pitt
Previous by Thread:  [Full-Disclosure] [USN-7-1] imagemagick vulnerability, Martin Pitt
Next by Thread:  [Full-Disclosure] [USN-8-1] gaim vulnerabilities, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]