Skip to navigation

Security Advisory ghostscript security update

Advisory: RHSA-2005:081-11
Type: Security Advisory
Severity: Low
Issued on: 2005-09-28
Last updated on: 2005-09-28
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2004-0967

Details

Updated ghostscript packages that fix a PDF output issue and a temporary
file security bug are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Ghostscript is a program for displaying PostScript files or printing them
to non-PostScript printers.

A bug was found in the way several of Ghostscript's utility scripts created
temporary files. A local user could cause these utilities to overwrite
files that the victim running the utility has write access to. The Common
Vulnerabilities and Exposures project assigned the name CAN-2004-0967 to
this issue.

Additionally, this update addresses the following issue:

A problem has been identified in the PDF output driver, which can cause
output to be delayed indefinitely on some systems. The fix has been
backported from GhostScript 7.07.

All users of ghostscript should upgrade to these updated packages, which
contain backported patches to resolve these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
ghostscript-7.05-32.1.10.src.rpm
File outdated by:  RHSA-2009:0420
    MD5: 87e1d46ae49bb064bfd51edd9533c2fb
 
IA-32:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-devel-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: ae2af61ea81496cc5d8e7e5021143470
hpijs-1.3-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: 92e2a96299c1fb3539d3087f5155c39f
 
x86_64:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-7.05-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: d37615952eeb5803b749083dcdda966c
ghostscript-devel-7.05-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 819c35d32e4865a14868c3b19d32e7d0
hpijs-1.3-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 6d801f7e7a811cf64bffb10ea9cee565
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
ghostscript-7.05-32.1.10.src.rpm
File outdated by:  RHSA-2009:0420
    MD5: 87e1d46ae49bb064bfd51edd9533c2fb
 
IA-32:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-devel-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: ae2af61ea81496cc5d8e7e5021143470
hpijs-1.3-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: 92e2a96299c1fb3539d3087f5155c39f
 
IA-64:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-7.05-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 73f845b1cbd06a0bb3b5c66fb8314dee
ghostscript-devel-7.05-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: be67339328dc16c6674da83da538550b
hpijs-1.3-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: f43122f745873753078133f30d75386c
 
PPC:
ghostscript-7.05-32.1.10.ppc.rpm
File outdated by:  RHSA-2009:0420
    MD5: c95035076fce72a1245933502a3a72c5
ghostscript-7.05-32.1.10.ppc64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 9ccfee1181811b647f084c9b4fb58f6d
ghostscript-devel-7.05-32.1.10.ppc.rpm
File outdated by:  RHSA-2009:0420
    MD5: ed15b258765009145a645513993e3fac
hpijs-1.3-32.1.10.ppc.rpm
File outdated by:  RHSA-2009:0420
    MD5: dc185146a03cad78cb148e9d9f701102
 
s390:
ghostscript-7.05-32.1.10.s390.rpm
File outdated by:  RHSA-2009:0420
    MD5: 2a1b3e34525b2a05b96e2d3b4eda0ac6
ghostscript-devel-7.05-32.1.10.s390.rpm
File outdated by:  RHSA-2009:0420
    MD5: ea7c23f7b9d485de8b47591e26f32324
hpijs-1.3-32.1.10.s390.rpm
File outdated by:  RHSA-2009:0420
    MD5: 7a032f8eb837e3850787dd328b1e4017
 
s390x:
ghostscript-7.05-32.1.10.s390.rpm
File outdated by:  RHSA-2009:0420
    MD5: 2a1b3e34525b2a05b96e2d3b4eda0ac6
ghostscript-7.05-32.1.10.s390x.rpm
File outdated by:  RHSA-2009:0420
    MD5: f5b74aaca04b9d7fdf427d31706a68e2
ghostscript-devel-7.05-32.1.10.s390x.rpm
File outdated by:  RHSA-2009:0420
    MD5: cd03353a351f213cdb0e57168fb17a8d
hpijs-1.3-32.1.10.s390x.rpm
File outdated by:  RHSA-2009:0420
    MD5: a838f3035c1442db827b8430e5fdb1bf
 
x86_64:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-7.05-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: d37615952eeb5803b749083dcdda966c
ghostscript-devel-7.05-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 819c35d32e4865a14868c3b19d32e7d0
hpijs-1.3-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 6d801f7e7a811cf64bffb10ea9cee565
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
ghostscript-7.05-32.1.10.src.rpm
File outdated by:  RHSA-2009:0420
    MD5: 87e1d46ae49bb064bfd51edd9533c2fb
 
IA-32:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-devel-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: ae2af61ea81496cc5d8e7e5021143470
hpijs-1.3-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: 92e2a96299c1fb3539d3087f5155c39f
 
IA-64:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-7.05-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 73f845b1cbd06a0bb3b5c66fb8314dee
ghostscript-devel-7.05-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: be67339328dc16c6674da83da538550b
hpijs-1.3-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: f43122f745873753078133f30d75386c
 
x86_64:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-7.05-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: d37615952eeb5803b749083dcdda966c
ghostscript-devel-7.05-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 819c35d32e4865a14868c3b19d32e7d0
hpijs-1.3-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 6d801f7e7a811cf64bffb10ea9cee565
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
ghostscript-7.05-32.1.10.src.rpm
File outdated by:  RHSA-2009:0420
    MD5: 87e1d46ae49bb064bfd51edd9533c2fb
 
IA-32:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-devel-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: ae2af61ea81496cc5d8e7e5021143470
hpijs-1.3-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: 92e2a96299c1fb3539d3087f5155c39f
 
IA-64:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-7.05-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 73f845b1cbd06a0bb3b5c66fb8314dee
ghostscript-devel-7.05-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: be67339328dc16c6674da83da538550b
hpijs-1.3-32.1.10.ia64.rpm
File outdated by:  RHSA-2009:0420
    MD5: f43122f745873753078133f30d75386c
 
x86_64:
ghostscript-7.05-32.1.10.i386.rpm
File outdated by:  RHSA-2009:0420
    MD5: dee9bec5beb1752031796689040312b5
ghostscript-7.05-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: d37615952eeb5803b749083dcdda966c
ghostscript-devel-7.05-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 819c35d32e4865a14868c3b19d32e7d0
hpijs-1.3-32.1.10.x86_64.rpm
File outdated by:  RHSA-2009:0420
    MD5: 6d801f7e7a811cf64bffb10ea9cee565
 

Bugs fixed (see bugzilla for more information)

136321 - CAN-2004-0967 temporary file vulnerabilities in various ghostscript scripts.
97583 - [7.05-20.1] gs gets stuck reading /dev/random


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/