Yellow Dog Linux Security Advisory: YDU-20020606-4

Dan Burcaw yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:33 -0600 (MDT)


Yellow Dog Linux Security Announcement
--------------------------------------

Package:	ghostscript		
Issue Date: 	June 06, 2002	
Priority:	medium		
Advisory ID: 	YDU-20020606-4


1. 	Topic:

	Updated ghostscript packages are available.


2. 	Problem:

	"Ghostscript is a program for displaying PostScript files or printing
	them to non-PostScript printers.

	An untrusted PostScript file can cause ghostscript to execute arbitrary
	commands due to insufficient checking. Since ghostscript is often used
	during the course of printing a document (and is run as user 'lp'), all
	users should install these fixed packages.

	The problem is fixed in the 6.53 source release of GNU Ghostscript, and the
	fix has been backported and applied to the packages referenced by this
	advisory.

	The Common Vulnerabilities and Exposures project (cve.mitre.org) has
	assigned the name CAN-2002-0363 to this issue."
	(from Red Hat Advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install ghostscript printconf

   	b) Updating manually...
   	The update can also be retrieved manually from our ftp site
   	below along with the rpm command that should be used to install
   	the update.  (Please use a mirror site)

   		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
		rpm -Fvh ghostscript-6.51-16.2a.ppc.rpm
		rpm -Fvh printconf-0.3.61-4.1.ppc.rpm printconf-gui-0.3.61-4.1.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
ddc5d90a8b44b383ae7f25493823eee6  ppc/printconf-0.3.61-4.1.ppc.rpm
984c9d6813af85e8b124e0f9f709ec4f  ppc/printconf-gui-0.3.61-4.1.ppc.rpm
ba63816e522739225663943ef901705b  ppc/ghostscript-6.51-16.2a.ppc.rpm
4439ace4b4aef8170f280b2c91f8aa08  SRPMS/ghostscript-6.51-16.2a.src.rpm
8aa8f439f6afdf8044404e93ce6e08c3  SRPMS/printconf-0.3.61-4.1.src.rpm

If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
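
One way to check downloaded packages against the MD5 table above before installing them. This is an added example, not part of the original advisory. It assumes the advisory text is saved to a local file, the packages sit in a local directory, and GNU md5sum is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): refuse to install a package whose
# MD5 does not match the table published in a saved copy of the advisory.
# Typical use (assumed file names):
#   verify_packages advisory.txt . ghostscript-6.51-16.2a.ppc.rpm \
#       && rpm -Fvh ghostscript-6.51-16.2a.ppc.rpm

# Print "<md5>  <basename>" for every checksum row in the advisory text.
# A row is a 32-character lowercase hex field followed by a path ending in .rpm.
extract_md5_table() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
             n = split($2, parts, "/")      # drop the ppc/ or SRPMS/ prefix
             print $1 "  " parts[n]
         }' "$1"
}

# verify_packages ADVISORY DIR PKG...
# Returns 0 only if every PKG is listed in the advisory, exists in DIR,
# and hashes to the listed value.
verify_packages() {
    advisory=$1; dir=$2; shift 2
    rc=0
    table=$(extract_md5_table "$advisory")
    for pkg in "$@"; do
        want=$(printf '%s\n' "$table" | awk -v p="$pkg" '$2 == p { print $1; exit }')
        if [ -z "$want" ]; then
            echo "NOT LISTED: $pkg" >&2; rc=1; continue
        fi
        if [ ! -f "$dir/$pkg" ]; then
            echo "MISSING:    $pkg" >&2; rc=1; continue
        fi
        got=$(md5sum "$dir/$pkg" | awk '{ print $1 }')
        if [ "$got" = "$want" ]; then
            echo "OK:         $pkg"
        else
            echo "MISMATCH:   $pkg (expected $want, got $got)" >&2; rc=1
        fi
    done
    return $rc
}
```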


5. Misc.

Terra Soft has set up a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml