Bug#456960: cupsys: CVE-2007-6358 insecure file handling in pdftops filter script

To: submit@bugs.debian.org
Subject: Bug#456960: cupsys: CVE-2007-6358 insecure file handling in pdftops filter script
From: Nico Golde <nion@debian.org>
Date: Tue, 18 Dec 2007 19:15:40 +0100
Message-id: <[🔎] 20071218181539.GA15175@ngolde.de>
Reply-to: Nico Golde <nion@debian.org>, 456960@bugs.debian.org

Package: cupsys
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cupsys.

CVE-2007-6358[0]:
| files/pdftops.pl before 1.20 in pdftops allows local users to
| overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp
| temporary file, which is created when pdftops reads a PDF file from
| stdin, such as when pdftops is invoked by CUPS.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6358

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp6QKeMhBs4H.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#456960: marked as done (cupsys: CVE-2007-6358 insecure file handling in pdftops filter script)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#456941: hplip-gui: package contains no programs
Next by Date: Processed: severity of 456960 is important
Previous by thread: Bug#456941: hplip-gui: package contains no programs
Next by thread: Bug#456960: marked as done (cupsys: CVE-2007-6358 insecure file handling in pdftops filter script)
Index(es):
- Date
- Thread