Test ID:	1.3.6.1.4.1.25623.1.0.68422
Category:	Fedora Local Security Checks
Title:	Fedora Core 14 FEDORA-2010-14549 (ghostscript)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ghostscript announced via advisory FEDORA-2010-14549. Update Information: This package fixes a security problem (CVE-2010-2055) in ghostscript whereby gs uses the current working directory to look for certain types of system file. This has been fixed by changing the default behaviour. Additionally, several other bugs have been fixed: scripts defining GS_EXECUTABLE have been corrected an epstopdf failure has been fixed some crashes that could occur in some situations have been fixed the Fontmap.local file is once again honoured. Further, the cups driver can now use automatic memory allocation. To enable this feature, put RIPCache auto in /etc/cups/cupsd.conf. References: [ 1 ] Bug #599564 - CVE-2010-2055 Ghostscript: reads initialization files from CWD https://bugzilla.redhat.com/show_bug.cgi?id=599564 Solution: Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update ghostscript' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-14549 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2055 20100522 Ghostscript 8.64 executes random code at startup http://www.securityfocus.com/archive/1/511433 20100526 Re: Ghostscript 8.64 executes random code at startup http://www.securityfocus.com/archive/1/511472 http://www.securityfocus.com/archive/1/511474 http://www.securityfocus.com/archive/1/511476 40452 http://secunia.com/advisories/40452 40475 http://secunia.com/advisories/40475 40532 http://secunia.com/advisories/40532 66247 http://www.osvdb.org/66247 ADV-2010-1757 http://www.vupen.com/english/advisories/2010/1757 FEDORA-2010-10642 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html FEDORA-2010-10660 http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html GLSA-201412-17 http://security.gentoo.org/glsa/glsa-201412-17.xml RHSA-2012:0095 https://rhn.redhat.com/errata/RHSA-2012-0095.html SUSE-SR:2010:014 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316 http://bugs.ghostscript.com/show_bug.cgi?id=691339 http://bugs.ghostscript.com/show_bug.cgi?id=691350 http://savannah.gnu.org/forum/forum.php?forum_id=6368 https://bugzilla.novell.com/show_bug.cgi?id=608071 https://bugzilla.redhat.com/show_bug.cgi?id=599564
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.