This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
Synopsis :
The remote Debian host is missing a security-related update.
Description :
Several vulnerabilities have been discovered in Inkscape, a
vector-based drawing program. The Common Vulnerabilities and Exposures
project identifies the following problems :
- CVE-2005-3737
  Joxean Koret discovered a buffer overflow in the SVG
  parsing routines that can lead to the execution of
  arbitrary code.
- CVE-2005-3885
  Javier Fernández-Sanguino Peña noticed that the
  ps2epsi extension shell script uses a hardcoded
  temporary file making it vulnerable to symlink attacks.
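
The hardcoded temporary file pattern behind CVE-2005-3885, shown as an added example that is not code from the advisory or from Inkscape: a constructed shell writer using a fixed name beside one using mktemp, both run against a private sandbox directory. The function names, file names and sandbox layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed illustration of the temp-file pattern; this is NOT the
# ps2epsi extension script shipped with Inkscape.

# Weak: fixed, predictable name. The redirection follows a symlink that
# is already sitting at that path in a shared directory.
write_fixed() {
    printf 'converted data\n' > "$1/convert.tmp"
}

# Hardened: mktemp chooses an unpredictable name and creates the file
# exclusively with mode 0600, so a pre-existing link is never reused.
write_safe() {
    tmp=$(mktemp "$1/convert.XXXXXX") || return 1
    printf 'converted data\n' > "$tmp"
    printf '%s\n' "$tmp"
}

# Run one writer inside a private sandbox that stands in for /tmp and
# report whether a file outside the writer's control was overwritten.
# Prints "clobbered" or "intact".
check_writer() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/other-users-file"
    mkdir "$box/tmp"
    # Stale link occupying the fixed name before the writer runs.
    ln -s "$box/other-users-file" "$box/tmp/convert.tmp"
    "$1" "$box/tmp" > /dev/null
    if [ "$(cat "$box/other-users-file")" = "original" ]; then
        echo intact
    else
        echo clobbered
    fi
    rm -rf "$box"
}

check_writer write_fixed   # clobbered
check_writer write_safe    # intact
```

When auditing extension or maintainer scripts, a redirection to a literal path under /tmp is the line to look for; replacing it with a mktemp-created file, removed on exit, closes the issue.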
See also :
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=321501
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894
http://www.debian.org/security/2005/dsa-916
Solution :
Upgrade the inkscape package.
The old stable distribution (woody) does not contain inkscape
packages.
For the stable distribution (sarge) this problem has been fixed in
version 0.41-4.99.sarge2.
Risk factor :
Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.4
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true
Family: Debian Local Security Checks
Nessus Plugin ID: 22782 (debian_DSA-916.nasl)
Bugtraq ID: 14522
CVE ID: CVE-2005-3737, CVE-2005-3885