Updated ghostscript packages for RH
Posted on: 06/02/2003 09:13 PM

Red Hat has released updated ghostscript packages

New ghostscript packages fixing a command execution vulnerability are now available.

Description:
GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter.

A flaw in unpatched versions of Ghostscript before 7.07 allows malicious postscript files to execute arbitrary commands even with -dSAFER enabled. Note that this vulnerability does not affect Ghostscript when the Red Hat -dPARANOIDSAFER option is used. Therefore, a malicious print job cannot be used to exploit this vulnerability under Red Hat Linux.

Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.

Read more


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/updated_ghostscript_packages_for_rh.html)