#24292 – CVE-2010-2055 - reads initialization files from current working directory

Bug 24292 - CVE-2010-2055 - reads initialization files from current working directory

Summary: CVE-2010-2055 - reads initialization files from current working directory

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	ghostscript (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	Fr. Br. George
QA Contact:	qa-sisyphus

URL:	http://cve.mitre.org/cgi-bin/cvename....
Keywords:	security

Depends on:
Blocks:

Reported:	2010-10-13 17:33 MSD by Vladimir Lettiev
Modified:	2010-10-27 14:09 MSD (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vladimir Lettiev 2010-10-13 17:33:01 MSD

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program.

Comment 1 Repository Robot 2010-10-27 14:09:20 MSD

ghostscript-9.00-alt1 -> sisyphus:

* Tue Oct 26 2010 Vitaly Kuznetsov <vitty@altlinux> 9.00-alt1
- 9.00
- CVE-2010-2055 (ALT #24292)