RHEL 3 : ghostscript (RHSA-2005:081)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated ghostscript packages that fix a PDF output issue and a
temporary file security bug are now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

Ghostscript is a program for displaying PostScript files or printing
them to non-PostScript printers.

A bug was found in the way several of Ghostscript's utility scripts
created temporary files. A local user could cause these utilities to
overwrite files that the victim running the utility has write access
to. The Common Vulnerabilities and Exposures project assigned the name
CVE-2004-0967 to this issue.

Additionally, this update addresses the following issue :

A problem has been identified in the PDF output driver, which can
cause output to be delayed indefinitely on some systems. The fix has
been backported from GhostScript 7.07.

All users of ghostscript should upgrade to these updated packages,
which contain backported patches to resolve these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0967.html
http://rhn.redhat.com/errata/RHSA-2005-081.html

Solution :

Update the affected ghostscript, ghostscript-devel and / or hpijs
packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 19827 ()

Bugtraq ID:

CVE ID: CVE-2004-0467
CVE-2004-0967