Red Hat Bugzilla – Bug 136321
CAN-2004-0967 temporary file vulnerabilities in various ghostscript scripts.
Last modified: 2007-11-30 17:07:04 EST
On September 10th 2004, Trustix shared some temporary file
vulnerabilities with vendor-sec. After some refinement these were
made public on Sep30. These are minor issues (impact: LOW) and
therefore should be fixed in future updates, but don't deserve their
own security advisory.
Temporary file vulnerability in espgs pj-gs.sh, ps2epsi, pv.sh,
sysvlp.sh scripts. Patch attached.
Probably Affects: RHEL3
Created attachment 105441 [details]
Proposed patch (needs backporting)
We had most of these already fixed. One of them is new.
There is also bug #88906 -- since we're fixing security things in scripts, I may
as well bundle that one in.
Not including bug #88906.
Fixed in CVS for RHEL3.
Fixed in CVS for RHEL2.1.
Deferring until the next security update for ghostscript.
Fixed in RHBA-2005:081 (to be RHSA-2005:081), adding to RHEL3U6CanFix (security
bug - overriding ack process)
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.