RHSA-2009:0420: Moderate: ghostscript security update
Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0792)

A missing boundary check was found in Ghostscript's CCITTFax decoding filter. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2007-6725)

Users of ghostscript are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Frequently Asked Questions
What is the severity of RHSA-2009:0420?
The severity of RHSA-2009:0420 is classified as moderate.
What software is affected by RHSA-2009:0420?
RHSA-2009:0420 affects the Ghostscript package and its related components on Red Hat systems.
How do I fix RHSA-2009:0420?
To fix RHSA-2009:0420, upgrade to Ghostscript version 7.07-33.2.el4_7.8 or later.
Is there a workaround for RHSA-2009:0420?
There are no specific workarounds recommended for RHSA-2009:0420; applying the update is the advised solution.
What should I do if I cannot update my system for RHSA-2009:0420?
If you cannot update your system for RHSA-2009:0420, ensure that your environment is secured and monitor it closely for any unusual activity.
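To check the "7.07-33.2.el4_7.8 or later" condition from the fix answer above, the following added example (not part of the advisory or of any Red Hat tooling) compares an installed version-release string with RPM's segment-wise ordering. It assumes the input comes from `rpm -q --qf '%{VERSION}-%{RELEASE}\n' ghostscript` on a system of the same release stream as the fixed build, with no epoch; the function names and sample strings are constructed for illustration.

```python
import re

# Fixed version-release quoted in the FAQ answer above.
FIXED = "7.07-33.2.el4_7.8"


def rpmvercmp(a, b):
    """Compare two version or release strings as RPM does: -1, 0 or 1.

    Tilde and caret handling is omitted (assumption: not used by these builds).
    """
    # Runs of digits or letters are segments; anything else is a separator.
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)  # numeric compare: "07" == "7", 10 > 8
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1


def is_patched(installed, fixed=FIXED):
    """True if installed VERSION-RELEASE is at or beyond the fixed build."""
    inst_ver, inst_rel = installed.rsplit("-", 1)
    fix_ver, fix_rel = fixed.rsplit("-", 1)
    result = rpmvercmp(inst_ver, fix_ver)
    if result == 0:
        result = rpmvercmp(inst_rel, fix_rel)
    return result >= 0


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real host.
    for sample in ("7.07-33.2.el4_7.5", "7.07-33.2.el4_7.8",
                   "7.07-33.2.el4_7.10", "7.07-33.el4"):
        state = "patched" if is_patched(sample) else "NEEDS UPDATE"
        print(f"ghostscript-{sample}: {state}")
```

A plain string comparison would wrongly rank a release ending in `_7.10` below `_7.8`, which is why the segments are compared numerically.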