Oval Definition:oval:com.redhat.rhsa:def:20090420
Revision Date:2009-04-14Version:647
Title:RHSA-2009:0420: ghostscript security update (Moderate)
Description:Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

  • It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0792)

  • A missing boundary check was found in Ghostscript's CCITTFax decoding filter. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2007-6725)

    Users of ghostscript are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-6725
    CVE-2009-0792
    RHSA-2009:0420
    RHSA-2009:0420-01
    RHSA-2009:0420-01
    Platform(s):Red Hat Enterprise Linux 3
    Red Hat Enterprise Linux 4
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • ghostscript is earlier than 0:7.05-32.1.20
  • AND ghostscript is signed with Red Hat master key
  • hpijs is earlier than 0:1.3-32.1.20
  • AND hpijs is signed with Red Hat master key
  • ghostscript-devel is earlier than 0:7.05-32.1.20
  • AND ghostscript-devel is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • ghostscript-devel is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript-devel is signed with Red Hat master key
  • ghostscript is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript is signed with Red Hat master key
  • ghostscript-gtk is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript-gtk is signed with Red Hat master key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 3 is installed
  • AND
  • ghostscript is earlier than 0:7.05-32.1.20
  • AND ghostscript is signed with Red Hat master key
  • ghostscript-devel is earlier than 0:7.05-32.1.20
  • AND ghostscript-devel is signed with Red Hat master key
  • hpijs is earlier than 0:1.3-32.1.20
  • AND hpijs is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • ghostscript is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript is signed with Red Hat master key
  • ghostscript-devel is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript-devel is signed with Red Hat master key
  • ghostscript-gtk is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript-gtk is signed with Red Hat master key
    • Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • ghostscript is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript is signed with Red Hat redhatrelease2 key
  • ghostscript-devel is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript-devel is signed with Red Hat redhatrelease2 key
  • ghostscript-gtk is earlier than 0:7.07-33.2.el4_7.8
  • AND ghostscript-gtk is signed with Red Hat redhatrelease2 key
    • BACK