Updated ghostscript packages for RH
Posted on: 06/02/2003 09:13 PM
Red Hat has released updated ghostscript packages
New ghostscript packages fixing a command execution vulnerability are now available.Read more
GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter.
A flaw in unpatched versions of Ghostscript before 7.07 allows malicious postscript files to execute arbitrary commands even with -dSAFER enabled. Note that this vulnerability does not affect Ghostscript when the Red Hat -dPARANOIDSAFER option is used. Therefore, a malicious print job cannot be used to exploit this vulnerability under Red Hat Linux.
Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.