Security 10748 Published by

Red Hat has released updated ghostscript packages



New ghostscript packages fixing a command execution vulnerability are now available.

Description:
GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter.

A flaw in unpatched versions of Ghostscript before 7.07 allows malicious postscript files to execute arbitrary commands even with -dSAFER enabled. Note that this vulnerability does not affect Ghostscript when the Red Hat -dPARANOIDSAFER option is used. Therefore, a malicious print job cannot be used to exploit this vulnerability under Red Hat Linux.

Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.
Read more