|Category:||Red Hat Local Security Checks|
|Title:||RedHat Security Advisory RHSA-2008:0155|
The remote host is missing updates announced in
Ghostscript is a program for displaying PostScript files, or printing them
to non-PostScript printers.
Chris Evans from the Google Security Team reported a stack-based buffer
overflow flaw in Ghostscript's zseticcspace() function. An attacker could
create a malicious PostScript file that would cause Ghostscript to execute
arbitrary code when opened. (CVE-2008-0411)
These updated packages also fix a bug, which prevented the pxlmono printer
driver from producing valid output on Red Hat Enterprise Linux 4.
All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to resolve these issues.
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2008-0411|
BugTraq ID: 28017
Bugtraq: 20080228 Ghostscript buffer overflow (Google Search)
Bugtraq: 20080228 rPSA-2008-0082-1 espgs (Google Search)
Debian Security Information: DSA-1510 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:010 (Google Search)
|Copyright||Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.