|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-223-1 (inkscape)|
|Summary:||Ubuntu USN-223-1 (inkscape)|
The remote host is missing an update to inkscape
announced via advisory USN-223-1.
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected: inkscape
Javier Fernandez-Sanguino Pena discovered that Inkscape's ps2epsi.sh
script, which converts PostScript files to Encapsulated PostScript
format, creates a temporary file in an insecure way. A local attacker
could exploit this with a symlink attack to create or overwrite
arbitrary files with the privileges of the user running Inkscape.
The problem can be corrected by upgrading the affected package to
version 0.40-2ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Risk factor : Medium
BugTraq ID: 14522|
Common Vulnerability Exposure (CVE) ID: CVE-2005-3885
Debian Security Information: DSA-916 (Google Search)
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|
|This is only one of 38680 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.