Synopsis: Moderate: ghostscript security update Issue date: 2009-04-14 CVE Names: CVE-2007-6725 CVE-2008-6679 CVE-2009-0196 CVE-2009-0792 It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not address all possible integer overflow flaws in Ghostscript's International Color Consortium Format library (icclib). Using specially-crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2009-0792) A buffer overflow flaw and multiple missing boundary checks were found in Ghostscript. An attacker could create a specially-crafted PostScript or PDF file that could cause Ghostscript to crash or, potentially, execute arbitrary code when opened. (CVE-2008-6679, CVE-2007-6725, CVE-2009-0196) SL 3.0.x SRPMS: ghostscript-7.05-32.1.20.src.rpm i386: ghostscript-7.05-32.1.20.i386.rpm ghostscript-devel-7.05-32.1.20.i386.rpm hpijs-1.3-32.1.20.i386.rpm x86_64: ghostscript-7.05-32.1.20.i386.rpm ghostscript-7.05-32.1.20.x86_64.rpm ghostscript-devel-7.05-32.1.20.x86_64.rpm hpijs-1.3-32.1.20.x86_64.rpm SL 4.x SRPMS: ghostscript-7.07-33.2.el4_7.8.src.rpm i386: ghostscript-7.07-33.2.el4_7.8.i386.rpm ghostscript-devel-7.07-33.2.el4_7.8.i386.rpm ghostscript-gtk-7.07-33.2.el4_7.8.i386.rpm x86_64: ghostscript-7.07-33.2.el4_7.8.i386.rpm ghostscript-7.07-33.2.el4_7.8.x86_64.rpm ghostscript-devel-7.07-33.2.el4_7.8.x86_64.rpm ghostscript-gtk-7.07-33.2.el4_7.8.x86_64.rpm SL 5.x SRPMS: ghostscript-8.15.2-9.4.el5_3.7.src.rpm i386: ghostscript-8.15.2-9.4.el5_3.7.i386.rpm ghostscript-devel-8.15.2-9.4.el5_3.7.i386.rpm ghostscript-gtk-8.15.2-9.4.el5_3.7.i386.rpm x86_64: ghostscript-8.15.2-9.4.el5_3.7.i386.rpm ghostscript-8.15.2-9.4.el5_3.7.x86_64.rpm ghostscript-devel-8.15.2-9.4.el5_3.7.i386.rpm ghostscript-devel-8.15.2-9.4.el5_3.7.x86_64.rpm ghostscript-gtk-8.15.2-9.4.el5_3.7.x86_64.rpm -Connie Sieh -Troy Dawson