RHEL 2.1 : ghostscript (RHSA-2002:123)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated packages are available for GNU Ghostscript, which fix a
vulnerability found during PostScript interpretation.

Ghostscript is a program for displaying PostScript files or printing
them to non-PostScript printers.

An untrusted PostScript file can cause ghostscript to execute
arbitrary commands due to insufficient checking. Since GNU Ghostscript
is often used during the course of printing a document (and is run as
user 'lp'), all users should install these fixed packages.

The problem is fixed in the 6.53 source release of GNU Ghostscript,
and the fix has been backported and applied to the packages referenced
by this advisory.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2002-0363 to this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-0363.html
http://rhn.redhat.com/errata/RHSA-2002-123.html

Solution :

Update the affected ghostscript package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12302 ()

Bugtraq ID:

CVE ID: CVE-2002-0363