USN-223-1: Inkscape vulnerability
5 December 2005
Inkscape vulnerability
Releases
Details
Javier Fernández-Sanguino Peña discovered that Inkscape's ps2epsi.sh
script, which converts PostScript files to Encapsulated PostScript
format, creates a temporary file in an insecure way. A local attacker
could exploit this with a symlink attack to create or overwrite
arbitrary files with the privileges of the user running Inkscape.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 5.04
-
inkscape
-
In general, a standard system update will make all the necessary changes.