Scientific Linux Security Update : ghostscript on SL3.x, SL4.x, SL5.x i386/x86_64
Severity: High
Nessus Plugin ID 60549

Synopsis: The remote Scientific Linux host is missing one or more security updates.

Description: Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library (icclib). Using specially crafted ICC profiles, an attacker could create a malicious PostScript or PDF file with embedded images which could cause Ghostscript to crash, or, potentially, execute arbitrary code when opened by the victim. (CVE-2009-0583, CVE-2009-0584)

Solution: Update the affected packages.