|
Family: Ubuntu Local Security Checks --> Category: infos
USN223-1 : inkscape vulnerability Vulnerability Scan
Vulnerability Scan Summary inkscape vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote package "inkscape" is missing a security patch.
Description :
Javier Fernández-Sanguino Peña discovered that Inkscape's ps2epsi.sh
script, which converts PostScript files to Encapsulated PostScript
format, creates a temporary file in an insecure way. A local attacker
could exploit this with a symlink attack to create or overwrite
arbitrary files with the rights of the user running Inkscape.
Solution :
Upgrade to :
- inkscape-0.40-2ubuntu1.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|