5770252 2000-11-23 15:26 -0200 /75 rader/ <secure@CONECTIVA.COM.BR> Sänt av: joel@lysator.liu.se Importerad: 2000-11-24 03:49 av Brevbäraren (som är implementerad i) Python Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM Externa svar till: secure@CONECTIVA.COM.BR Mottagare: Bugtraq (import) <13889> Ärende: [CLSA-2000:343] Conectiva Linux Security Announcement - ------------------------------------------------------------ ghostscript From: secure@CONECTIVA.COM.BR To: BUGTRAQ@SECURITYFOCUS.COM Message-ID: <200011231726.PAA32193@frajuto.distro.conectiva> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - ----------------------------------------------------------------------- PACKAGE : ghostscript SUMMARY : Temporary files and dynamic libraries DATE : 2000-11-23 15:26:00 ID : CLSA-2000:343 RELEVANT RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg gráficos, ecommerce, 5.1 - ---------------------------------------------------------------------- DESCRIPTION "ghostscript" as shipped with Conectiva Linux has two security problems that could be used to get higher privileges on a system: 1) insecure temporary file handling could allow symlink attacks; 2) a compile time option that was incorrectly being used made ghostscript pick up dynamic libraries in the current directory instead of the system directories. These problems are now fixed. SOLUTION All users should upgrade to the new packages. DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/4.0/SRPMS/ghostscript-5.10-12cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.0/i386/ghostscript-5.10-12cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0es/SRPMS/ghostscript-5.10-12cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.0es/i386/ghostscript-5.10-12cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.1/SRPMS/ghostscript-5.10-12cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.1/i386/ghostscript-5.10-12cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.2/SRPMS/ghostscript-5.10-12cl.src.rpm ftp://atualizacoes.conectiva.com.br/4.2/i386/ghostscript-5.10-12cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/ghostscript-5.10-12cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.0/i386/ghostscript-5.10-12cl.i386.rpm ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/ghostscript-5.10-12cl.src.rpm ftp://atualizacoes.conectiva.com.br/5.1/i386/ghostscript-5.10-12cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/ghostscript-5.10-12cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/ghostscript-5.10-12cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/ghostscript-5.10-12cl.src.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/ghostscript-5.10-12cl.i386.rpm - ---------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key can be obtained at http://www.conectiva.com.br/contato - ----------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://www.conectiva.com.br/suporte/atualizacoes - ---------------------------------------------------------------------- subscribe: atualizacoes-anuncio-subscribe@papaleguas.conectiva.com.br unsubscribe: atualizacoes-anuncio-unsubscribe@papaleguas.conectiva.com.br -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6HVNG42jd0JmAcZARAtQ+AKDxpjCK3Xo5pNWq42gk9vn4hdXJPgCfZFaM uFLnNoPq8U0OwdJ4RrmfPq0= =vN1m -----END PGP SIGNATURE----- (5770252) --------------------------------(Ombruten)