Aladdin Ghostscript Symlink Vulnerability
BID:1990
| Bugtraq ID: | 1990 |
| Class: | Race Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 22 2000 12:00AM |
| Updated: | Nov 22 2000 12:00AM |
| Credit: | Reported in several advisories by Linux vendors including Caldera, Debian, Mandrake and Red Hat. |
| Vulnerable: | Aladdin Enterprises Ghostscript 5.50; Aladdin Enterprises Ghostscript 5.10.15; Aladdin Enterprises Ghostscript 5.10.10; Aladdin Enterprises Ghostscript 4.3 |
| Not Vulnerable: | Aladdin Enterprises Ghostscript 5.50.8; Aladdin Enterprises Ghostscript 5.10.16; Aladdin Enterprises Ghostscript 5.10.10 -1; Aladdin Enterprises Ghostscript 4.3.2 |
Solution / Fix
Solution:
Several Linux vendors have released new versions of the Ghostscript package which address this vulnerability, including Caldera, Debian, Mandrake and Red Hat.
For each vendor, the proper solution is to upgrade to the newer, fixed version.
Aladdin Enterprises Ghostscript 4.3
- Red Hat Inc. 5.2 alpha ghostscript-4.03-2.alpha.rpm
  ftp://updates.redhat.com/5.2/alpha/ghostscript-4.03-2.alpha.rpm
- Red Hat Inc. 5.2 i386 ghostscript-4.03-2.i386.rpm
  ftp://updates.redhat.com/5.2/i386/ghostscript-4.03-2.i386.rpm
- Red Hat Inc. 5.2 sparc ghostscript-4.03-2.sparc.rpm
  ftp://updates.redhat.com/5.2/sparc/ghostscript-4.03-2.sparc.rpm

Aladdin Enterprises Ghostscript 5.10.10
- Debian 2.2 gs_5.10-10.1_arm
  http://security.debian.org/dists/stable/updates/main/binary-arm/gs_5.10-10.1_arm.deb
- Debian 2.2 gs_5.10-10.1_i386
  http://security.debian.org/dists/stable/updates/main/binary-i386/gs_5.10-10.1_i386.deb
- Debian 2.2 gs_5.10-10.1_m68k
  http://security.debian.org/dists/stable/updates/main/binary-m68k/gs_5.10-10.1_m68k.deb
- Debian 2.2 gs_5.10-10.1_powerpc
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/gs_5.10-10.1_powerpc.deb
- Debian 2.2 gs_5.10-10.1_sparc
  http://security.debian.org/dists/stable/updates/main/binary-sparc/gs_5.10-10.1_sparc.deb
- MandrakeSoft 7.0 i386 ghostscript-5.10-17.1mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/ghostscript-5.10-17.1mdk.i586.rpm

Aladdin Enterprises Ghostscript 5.50
- MandrakeSoft 7.2 i386 ghostscript-5.50-35.1mdk.i586.rpm
  http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/ghostscript-5.50-35.1mdk.i586.rpm
- Red Hat Inc. 6.2 alpha ghostscript-5.50-8_6.x.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/ghostscript-5.50-8_6.x.alpha.rpm
- Red Hat Inc. 6.2 i386 ghostscript-5.50-8_6.x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/ghostscript-5.50-8_6.x.i386.rpm
- Red Hat Inc. 6.2 sparc ghostscript-5.50-8_6.x.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/ghostscript-5.50-8_6.x.sparc.rpm
- Red Hat Inc. 7.0 i386 ghostscript-5.50-8.i386.rpm
  ftp://updates.redhat.com/7.0/i386/ghostscript-5.50-8.i386.rpm