Bug 136321 - CAN-2004-0967 temporary file vulnerabilities in various ghostscript scripts.
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: ghostscript
Hardware: All, OS: Linux
Priority: medium, Severity: low
Assigned To: Tim Waugh
: Security
Depends On:
Blocks: 156320
Reported: 2004-10-19 06:35 EDT by Mark J. Cox
Modified: 2007-11-30 17:07 EST (History)
Fixed In Version: RHSA-2005-081
Doc Type: Bug Fix
Last Closed: 2005-09-28 10:20:24 EDT

Attachments
Proposed patch (needs backporting) (3.03 KB, patch)
2004-10-19 06:35 EDT, Mark J. Cox

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:081 qe-ready SHIPPED_LIVE Low: ghostscript security update 2005-09-28 00:00:00 EDT

Description Mark J. Cox 2004-10-19 06:35:19 EDT
On September 10th 2004, Trustix shared some temporary file
vulnerabilities with vendor-sec.  After some refinement these were
made public on Sep 30.  These are minor issues (impact: LOW) and
therefore should be fixed in future updates, but don't deserve their
own security advisory.

Temporary file vulnerability in espgs pj-gs.sh, ps2epsi, pv.sh,
sysvlp.sh scripts.  Patch attached.

                Affects: RHEL2.1
                Probably Affects: RHEL3
Comment 1 Mark J. Cox 2004-10-19 06:35:56 EDT
Created attachment 105441
Proposed patch (needs backporting)
Comment 4 Tim Waugh 2004-10-19 12:27:52 EDT
We had most of these already fixed.  One of them is new.

There is also bug #88906 -- since we're fixing security things in scripts, I may
as well bundle that one in.
Comment 5 Tim Waugh 2004-10-20 07:18:15 EDT
Not including bug #88906.

Fixed in CVS for RHEL3.
Fixed in CVS for RHEL2.1.
Comment 6 Tim Waugh 2004-11-17 11:36:40 EST
Deferring until the next security update for ghostscript.
Comment 7 Mark J. Cox 2005-08-02 07:31:09 EDT
Fixed in RHBA-2005:081 (to be RHSA-2005:081), adding to RHEL3U6CanFix (security
bug - overriding ack process)
Comment 9 Red Hat Bugzilla 2005-09-28 10:20:25 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.