Yellow Dog Linux Security Advisory: YDU-20020606-4
Dan Burcaw
yellowdog-updates@lists.terrasoftsolutions.com
Thu, 6 Jun 2002 20:00:33 -0600 (MDT)
Yellow Dog Linux Security Announcement
--------------------------------------
Package: ghostscript
Issue Date: June 06, 2002
Priority: medium
Advisory ID: YDU-20020606-4
1. Topic:
Updated ghostscript packages are available.
2. Problem:
"Ghostscript is a program for displaying PostScript files or printing
them to non-PostScript printers.
An untrusted PostScript file can cause ghostscript to execute arbitrary
commands due to insufficient checking. Since ghostscript is often used
during the course of printing a document (and is run as user 'lp'), all
users should install these fixed packages.
The problem is fixed in the 6.53 source release of GNU Ghostscript, and the
fix has been backported and applied to the packages referenced by this
advisory.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0363 to this issue."
(from Red Hat Advisory)
3. Solution:
a) Updating via apt...
We suggest that you use the apt-get program to keep your
system up-to-date. The following command(s) will retrieve
and install the fixed version of this update onto your system:
apt-get update
apt-get install ghostscript printconf
b) Updating manually...
The update can also be retrieved manually from our ftp site
below along with the rpm command that should be used to install
the update. (Please use a mirror site)
ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.2/ppc/
rpm -Fvh ghostscript-6.51-16.2a.ppc.rpm
rpm -Fvh printconf-0.3.61-4.1.ppc.rpm printconf-gui-0.3.61-4.1.ppc.rpm
4. Verification
MD5 checksum Package
-------------------------------- ----------------------------
ddc5d90a8b44b383ae7f25493823eee6 ppc/printconf-0.3.61-4.1.ppc.rpm
984c9d6813af85e8b124e0f9f709ec4f ppc/printconf-gui-0.3.61-4.1.ppc.rpm
ba63816e522739225663943ef901705b ppc/ghostscript-6.51-16.2a.ppc.rpm
4439ace4b4aef8170f280b2c91f8aa08 SRPMS/ghostscript-6.51-16.2a.src.rpm
8aa8f439f6afdf8044404e93ce6e08c3 SRPMS/printconf-0.3.61-4.1.src.rpm
If you wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename
5. Misc.
Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.yellowdoglinux.com/ for more
information.
For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_2.2/apt-get.shtml