Max Vozeler discovered that the the “pstopnm” conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm.
The problem can be corrected by updating your system to the following package versions:
11 August 2005
A security issue affects these releases of Ubuntu and its derivatives:
Max Vozeler discovered that the the “pstopnm” conversion tool did not use the -dSAFER option when calling ghostscript. This option prohibits file operations and calling commands within PostScript code. This flaw could be exploited by an attacker to execute arbitrary code if he tricked an user (or an automatic server) into processing a specially crafted PostScript document with pstopnm.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
Vulmon