CVE-2012-6076
Published: 31 December 2012
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
Notes
Author | Note |
---|---|
seth-arnold | "low" priority due to symlink and hardlink restrictions in Ubuntu's Linux kernels; without those protections, "medium" would be more appropriate. Multiple patches are proposed in the bugreport; NewAndUndoOld appears to be preferred from comments #11 and #12 |
mdeslaur | 0.48.4 has fix, albeit the older fix. inkscape in lucid doesn't do the chdir into /tmp, so not-affected |
Priority
Status
Package | Release | Status |
---|---|---|
inkscape Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
(0.47.0-2ubuntu2)
|
|
oneiric |
Released
(0.48.2-0ubuntu1.1)
|
|
precise |
Released
(0.48.3.1-1ubuntu1.1)
|
|
quantal |
Released
(0.48.3.1-1ubuntu6.1)
|
|
upstream |
Released
(0.48.3.1-1.3, 0.48.4)
|
|
Patches: other: https://launchpadlibrarian.net/127163394/1022719-NewAndUndoOld.diff |
||
This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. |