gs-common/epic Updates for Debian
Posted on: 04/16/2003 10:45 AM

Two new security updates for Debian GNU/Linux has been released

DSA-286-1 gs-common -- insecure temporary file

Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a script that is distributed as part of gs-common which contains common files for different Ghostscript releases. ps2epsi uses a temporary file in the process of invoking ghostscript. This file was created in an insecure fashion, which could allow a local attacker to overwrite files owned by a user who invokes ps2epsi.

Read more

DSA-287-1 epic -- buffer overflows

Timo Sirainen discovered several problems in EPIC, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.

Read more




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/gs_commonepic_updates_for_debian.html)