Synopsis: Important: ghostscript security update Issue date: 2008-02-27 CVE Names: CVE-2008-0411 Chris Evans from the Google Security Team reported a stack-based buffer overflow flaw in Ghostscript's zseticcspace() function. An attacker could create a malicious PostScript file that would cause Ghostscript to execute arbitrary code when opened. (CVE-2008-0411) These updated packages also fix a bug, which prevented the pxlmono printer driver from producing valid output on Scientific Linux 4. SL 3.0.x SRPMS: ghostscript-7.05-32.1.13.src.rpm i386: ghostscript-7.05-32.1.13.i386.rpm ghostscript-devel-7.05-32.1.13.i386.rpm hpijs-1.3-32.1.13.i386.rpm x86_64: ghostscript-7.05-32.1.13.i386.rpm ghostscript-7.05-32.1.13.x86_64.rpm ghostscript-devel-7.05-32.1.13.x86_64.rpm hpijs-1.3-32.1.13.x86_64.rpm SL 4.x SRPMS: ghostscript-7.07-33.2.el4_6.1.src.rpm i386: ghostscript-7.07-33.2.el4_6.1.i386.rpm ghostscript-devel-7.07-33.2.el4_6.1.i386.rpm ghostscript-gtk-7.07-33.2.el4_6.1.i386.rpm x86_64: ghostscript-7.07-33.2.el4_6.1.i386.rpm ghostscript-7.07-33.2.el4_6.1.x86_64.rpm ghostscript-devel-7.07-33.2.el4_6.1.x86_64.rpm ghostscript-gtk-7.07-33.2.el4_6.1.x86_64.rpm SL 5.x SRPMS: ghostscript-8.15.2-9.1.el5_1.1.src.rpm i386: ghostscript-8.15.2-9.1.el5_1.1.i386.rpm ghostscript-devel-8.15.2-9.1.el5_1.1.i386.rpm ghostscript-gtk-8.15.2-9.1.el5_1.1.i386.rpm x86_64: ghostscript-8.15.2-9.1.el5_1.1.i386.rpm ghostscript-8.15.2-9.1.el5_1.1.x86_64.rpm ghostscript-devel-8.15.2-9.1.el5_1.1.i386.rpm ghostscript-devel-8.15.2-9.1.el5_1.1.x86_64.rpm ghostscript-gtk-8.15.2-9.1.el5_1.1.x86_64.rpm -Connie Sieh -Troy Dawson