Mailinglist Archive: opensuse-updates (72 mails)

< Previous Next >
openSUSE-SU-2010:0451-1 (important): ghostscript security update
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Mon, 2 Aug 2010 12:08:10 +0200 (CEST)
  • Message-id: <20100802100811.28951BE29@xxxxxxxxxxxxxx>
openSUSE Security Update: ghostscript security update
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0451-1
Rating: important
References: #559122 #605043 #608071
Cross-References: CVE-2010-2055
Affected Products:
openSUSE 11.3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes
is now available.

Description:

ghostscript by default read some initialization files from
the current working directory. Local attackers could
potentially exploit that to have other users execute
arbitrary commands by placing such files e.g. in /tmp
(CVE-2010-2055).


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.3:

zypper in -t patch ghostscript-devel-2726

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.3 (i586 src x86_64):

ghostscript-library-8.70-15.1.1

- openSUSE 11.3 (i586 x86_64):

ghostscript-devel-8.70-15.1.1
ghostscript-fonts-other-8.70-15.1.1
ghostscript-fonts-rus-8.70-15.1.1
ghostscript-fonts-std-8.70-15.1.1
ghostscript-ijs-devel-8.70-15.1.1
ghostscript-omni-8.70-15.1.1
ghostscript-x11-8.70-15.1.1
libgimpprint-4.2.7-15.1.1
libgimpprint-devel-4.2.7-15.1.1


References:

http://support.novell.com/security/cve/CVE-2010-2055.html
https://bugzilla.novell.com/559122
https://bugzilla.novell.com/605043
https://bugzilla.novell.com/608071


< Previous Next >
List Navigation
This Thread
  • No further messages