Ghostscript; Rhsa-2009:0421: Moderate Security Update; Rhsa-2009:0345: Moderate Security Update - Red Hat ENTERPRISE LINUX 5.4 - TECHNICAL NOTES Manual
Hide thumbs
Also See for ENTERPRISE LINUX 5.4 - TECHNICAL NOTES:
- Reference manual (86 pages) ,
- Manual (80 pages) ,
- Release note (20 pages)
Table of Contents
Advertisement
Chapter 1. Package Updates
1.68. ghostscript
1.68.1. RHSA-2009:0421: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:0421
errata
Updated ghostscript packages that fix multiple security issues are now available for Red Hat
Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response
Team.
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the
Ghostscript library, which implements the graphics capabilities in the PostScript language) and an
interpreter for Portable Document Format (PDF) files.
It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible
integer overflow flaws in Ghostscript's International Color Consortium Format library (icclib). Using
specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with
embedded images that could cause Ghostscript to crash or, potentially, execute arbitrary code when
opened.
(CVE-2009-0792
A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript. An attacker
could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash
or, potentially, execute arbitrary code when opened.
445
CVE-2009-0196
)
Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly reporting the
CVE-2009-0196 flaw.
Users of ghostscript are advised to upgrade to these updated packages, which contain backported
patches to correct these issues.
1.68.2. RHSA-2009:0345: Moderate security update
Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:0345
errata
Updated ghostscript packages that fix multiple security issues are now available for Red Hat
Enterprise Linux 3, 4, and 5.
442
https://www.redhat.com/security/data/cve/CVE-2009-0792.html
443
https://www.redhat.com/security/data/cve/CVE-2008-6679.html
444
https://www.redhat.com/security/data/cve/CVE-2007-6725.html
445
https://www.redhat.com/security/data/cve/CVE-2009-0196.html
74
441
442
)
446
443
CVE-2007-6725
(CVE-2008-6679
,
444
,
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for Red Hat ENTERPRISE LINUX 5.4 - TECHNICAL NOTES
Related Products for Red Hat ENTERPRISE LINUX 5.4 - TECHNICAL NOTES
- Red Hat DEVICE-MAPPER MULTIPATH 5.2
- Red Hat NETWORK SATELLITE 5.1.0 - CHANNEL MANAGEMENT
- Red Hat NETWORK SATELLITE 5.3.0 - CHANNEL MANAGEMENT
- Red Hat GLOBAL FILE SYSTEM 5.0
- Red Hat GLOBAL FILE SYSTEM 5.1
- Red Hat NETWORK SATELLITE 5.0.0 -
- Red Hat NETWORK SATELLITE 5.1.1 - RELEASE NOTES
- Red Hat Application Server
- Red Hat APPLICATION SERVER - JONAS
- Red Hat APPLICATION STACK 1.1 RELEASE
- Red Hat APPLICATION STACK 1.2 RELEASE
- Red Hat APPLICATION STACK 1.3 RELEASE
- Red Hat APPLICATION STACK 1.4 RELEASE
- Red Hat APPLICATION STACK 2.0 RELEASE
- Red Hat APPLICATION STACK 2.1 RELEASE
- Red Hat APPLICATION STACK 2.2 RELEASE
Need help?
Do you have a question about the ENTERPRISE LINUX 5.4 - TECHNICAL NOTES and is the answer not in the manual?
Questions and answers