Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200410-18 (Ghostscript)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.54709

Kategorie: Gentoo Local Security Checks

Titel: Gentoo Security Advisory GLSA 200410-18 (Ghostscript)

Zusammenfassung: The remote host is missing updates announced in;advisory GLSA 200410-18.

Beschreibung: Summary:
The remote host is missing updates announced in
advisory GLSA 200410-18.

Vulnerability Insight:
Multiple scripts in the Ghostscript package are vulnerable to symlink
attacks, potentially allowing a local user to overwrite arbitrary files
with the rights of the user running the script.

Solution:
Ghostscript users on all architectures except PPC should upgrade to the
latest version:

# emerge sync

# emerge -pv '>=app-text/ghostscript-7.07.1-r7'
# emerge '>=app-text/ghostscript-7.07.1-r7'

Ghostscript users on the PPC architecture should upgrade to the latest
stable version on their architecture:

# emerge sync

# emerge -pv '>=app-text/ghostscript-7.05.6-r2'
# emerge '>=app-text/ghostscript-7.05.6-r2'

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0967
BugTraq ID: 11285
http://www.securityfocus.com/bid/11285
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284
http://www.redhat.com/support/errata/RHSA-2005-081.html
SCO Security Bulletin: SCOSA-2006.19
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt
SCO Security Bulletin: SCOSA-2006.23
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt
http://secunia.com/advisories/16997
http://secunia.com/advisories/17135
http://secunia.com/advisories/19799
http://secunia.com/advisories/20056
http://www.trustix.org/errata/2004/0050
https://www.ubuntu.com/usn/usn-3-1/
XForce ISS Database: script-temporary-file-overwrite(17583)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

Copyright Copyright (C) 2008 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.54709
Kategorie:	Gentoo Local Security Checks
Titel:	Gentoo Security Advisory GLSA 200410-18 (Ghostscript)
Zusammenfassung:	The remote host is missing updates announced in;advisory GLSA 200410-18.
Beschreibung:	Summary: The remote host is missing updates announced in advisory GLSA 200410-18. Vulnerability Insight: Multiple scripts in the Ghostscript package are vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script. Solution: Ghostscript users on all architectures except PPC should upgrade to the latest version: # emerge sync # emerge -pv '>=app-text/ghostscript-7.07.1-r7' # emerge '>=app-text/ghostscript-7.07.1-r7' Ghostscript users on the PPC architecture should upgrade to the latest stable version on their architecture: # emerge sync # emerge -pv '>=app-text/ghostscript-7.05.6-r2' # emerge '>=app-text/ghostscript-7.05.6-r2' CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0967 BugTraq ID: 11285 http://www.securityfocus.com/bid/11285 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10284 http://www.redhat.com/support/errata/RHSA-2005-081.html SCO Security Bulletin: SCOSA-2006.19 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.19/SCOSA-2006.19.txt SCO Security Bulletin: SCOSA-2006.23 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.23/SCOSA-2006.23.txt http://secunia.com/advisories/16997 http://secunia.com/advisories/17135 http://secunia.com/advisories/19799 http://secunia.com/advisories/20056 http://www.trustix.org/errata/2004/0050 https://www.ubuntu.com/usn/usn-3-1/ XForce ISS Database: script-temporary-file-overwrite(17583) https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Copyright	Copyright (C) 2008 E-Soft Inc.