http://secunia.com/advisories/12903/

A vulnerability has been reported in ESP Ghostscript, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

The vulnerability is caused due to temporary files being created insecurely by the "pj-gs.sh", "ps2epsi", "pv.sh", and "sysvlp.sh" scripts. This can be exploited via symlink attacks to create or overwrite arbitrary files with the privileges of the user invoking a vulnerable script.

CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0967

Red Hat Bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136321
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136322

Patch: https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=105441&action=view

The patch contains several modifications, but most of them were already fixed.

------- Bug moved to this database by dkl 2005-03-30 18:29 -------

This bug previously known as bug 2266 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2266
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
The original reporter of this bug does not have an account here.
Reassigning to the person who moved it here, dkl.
Previous reporter was fedora-legacy-bugzilla-2004.
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.
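The insecure temporary-file pattern the advisory describes, beside a hardened form, as an added example that is not taken from the Ghostscript scripts or the linked patch. The file name `gsdemo.<suffix>` and all function names are assumptions for illustration, and everything runs inside a private sandbox directory created by `mktemp -d`.

```shell
#!/bin/sh
# Constructed demonstration; gsdemo.* and the function names are hypothetical.

# Weak pattern: predictable name plus plain redirection. If the name already
# exists as a symlink, the shell follows it and truncates the link target.
write_predictable() {            # $1 = temp dir, $2 = suffix standing in for $$
    echo "scratch data" > "$1/gsdemo.$2"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# exclusively (mode 0600), so a pre-existing path is never reused or followed.
write_mktemp() {                 # $1 = temp dir; prints the path it created
    t=$(mktemp "$1/gsdemo.XXXXXX") || return 1
    echo "scratch data" > "$t"
    printf '%s\n' "$t"
}

# Runs one writer inside a private sandbox where the predictable name has been
# pre-created as a symlink to another file, then reports that file's state.
demo() {                         # $1 = predictable | mktemp
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    echo "important" > "$sandbox/target"
    ln -s "$sandbox/target" "$sandbox/tmp/gsdemo.1234"
    case $1 in
        predictable) write_predictable "$sandbox/tmp" 1234 ;;
        mktemp)      write_mktemp "$sandbox/tmp" > /dev/null ;;
        *)           rm -rf "$sandbox"; return 2 ;;
    esac
    if [ "$(cat "$sandbox/target")" = "important" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    echo "$result"
}

echo "predictable name: $(demo predictable)"
echo "mktemp:           $(demo mktemp)"
```

When auditing shell scripts for this class of bug, redirections into `/tmp` paths built from fixed strings or `$$` are the lines to look for.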
Red Hat issued RHSA-2005:081-01: http://rhn.redhat.com/errata/RHSA-2005-081.html for this bug for RHEL 3. RHEL uses ghostscript-7.05.

Our most recent ghostscript Packages:
RH7.3: 16325468 May 28 2003 ghostscript-6.52-9.5.src.rpm
RH9: 12862638 May 28 2003 ghostscript-7.05-32.1.src.rpm
FC1: 12816599 Aug 17 2004 ghostscript-7.07-15.4.src.rpm
FC2: 11920172 May 07 2004 ghostscript-7.07-25.src.rpm

This bug is mislabeled: It should have package "ghostscript", not "gv".

This bug affects FC2 also.
changed.
FWIW, this appears fixed in current FC3 and FC4.
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained. These bugs can't be fixed in these versions. If the issue still persists in current Fedora Core releases, please reopen. Thank you, and sorry about this.