CVE-2012-6076

Published: 31 December 2012

Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkscape to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.

Notes

Author: seth-arnold
Note: "low" priority due to symlink and hardlink restrictions in Ubuntu's Linux kernels; without those protections, "medium" would be more appropriate.
Multiple patches are proposed in the bug report; NewAndUndoOld appears to be preferred from comments #11 and #12.

Author: mdeslaur
Note: 0.48.4 has fix, albeit the older fix.
inkscape in lucid doesn't do the chdir into /tmp, so not-affected.

Priority

Low

Status

Package: inkscape (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (end of life)
lucid      Not vulnerable (0.47.0-2ubuntu2)
oneiric    Released (0.48.2-0ubuntu1.1)
precise    Released (0.48.3.1-1ubuntu1.1)
quantal    Released (0.48.3.1-1ubuntu6.1)
upstream   Released (0.48.3.1-1.3, 0.48.4)

Patches:
other: https://launchpadlibrarian.net/127163394/1022719-NewAndUndoOld.diff

This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu.