[SECURITY] Fedora 14 Update: ghostscript-8.71-16.fc14

updates at fedoraproject.org updates at fedoraproject.org
Tue Oct 12 03:13:54 UTC 2010 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-14549
2010-09-13 18:04:35
--------------------------------------------------------------------------------

Name        : ghostscript
Product     : Fedora 14
Version     : 8.71
Release     : 16.fc14
URL         : http://www.ghostscript.com/
Summary     : A PostScript interpreter and renderer
Description :
Ghostscript is a set of software that provides a PostScript
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files. Ghostscript
translates PostScript code into many common, bitmapped formats, like
those understood by your printer or screen. Ghostscript is normally
used to display PostScript files and to print PostScript files to
non-PostScript printers.

If you need to display PostScript files or print them to
non-PostScript printers, you should install ghostscript. If you
install ghostscript, you also need to install the ghostscript-fonts
package.

--------------------------------------------------------------------------------
Update Information:

This package fixes a security problem (CVE-2010-2055) in ghostscript whereby gs uses the current working directory to look for certain types of system file. This has been fixed by changing the default behaviour.

Additionally, several other bugs have been fixed: scripts defining GS_EXECUTABLE have been corrected; an epstopdf failure has been fixed; some crashes that could occur in some situations have been fixed; the Fontmap.local file is once again honoured.

Further, the cups driver can now use automatic memory allocation. To enable this feature, put "RIPCache auto" in /etc/cups/cupsd.conf.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #599564 - CVE-2010-2055 Ghostscript: reads initialization files from CWD
        https://bugzilla.redhat.com/show_bug.cgi?id=599564
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update ghostscript' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list