Sponsored link
Serve your customers, not your servers, with VERIO Linux VPS. Full-access test-drive here.
| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
Fedora alert FEDORA-2008-1998 (ghostscript)
| From: | updates@fedoraproject.org | |
| To: | fedora-package-announce@redhat.com | |
| Subject: | [SECURITY] Fedora 8 Update: ghostscript-8.61-8.fc8 | |
| Date: | Mon, 03 Mar 2008 18:24:29 +0000 | |
| Message-ID: | <200803031825.m23IOaG7007599@bastion.fedora.phx.redhat.com> |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2008-1998 2008-03-03 17:58:44 -------------------------------------------------------------------------------- Name : ghostscript Product : Fedora 8 Version : 8.61 Release : 8.fc8 URL : http://www.ghostscript.com/ Summary : A PostScript(TM) interpreter and renderer. Description : Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. If you need to display PostScript files or print them to non-PostScript printers, you should install ghostscript. If you install ghostscript, you also need to install the ghostscript-fonts package. -------------------------------------------------------------------------------- Update Information: This update contains a back-ported fix for a security issue that allows malicious PostScript input files to cause a stack-based buffer overflow (CVE-2008-0411). This update also restores JPEG2000 support. -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 27 2008 Tim Waugh <twaugh@redhat.com> 8.61-8 - Applied patch to fix CVE-2008-0411 (bug #431536). * Fri Feb 22 2008 Tim Waugh <twaugh@redhat.com> 8.61-7 - Build with jasper again (bug #433897). Build requires jasper-devel, and a patch to remove jas_set_error_cb reference. * Mon Jan 28 2008 Tim Waugh <twaugh@redhat.com> 8.61-6 - Don't build with jasper support. - Remove bundled libraries. * Tue Dec 11 2007 Tim Waugh <twaugh@redhat.com> 8.61-5 - Applied upstream patch for bug #416321. * Fri Nov 30 2007 Tim Waugh <twaugh@redhat.com> 8.61-4 - Fixed runlibfileifexists patch. * Fri Nov 30 2007 Tim Waugh <twaugh@redhat.com> 8.61-3 - Revert previous change, but define .runlibfileifexists not just runlibfileifexists. * Thu Nov 29 2007 Tim Waugh <twaugh@redhat.com> 8.61-2 - Fixed cidfmap (bug #402481). * Wed Nov 28 2007 Tim Waugh <twaugh@redhat.com> 8.61-1 - 8.61 (bug #402481). - Build with --disable-compile-inits (bug #402501). - Add %{_datadir}/fonts to fontpath (bug #402481). - Restore the cidfmap-switching bits (bug #402481). -------------------------------------------------------------------------------- References: [ 1 ] Bug #431536 - CVE-2008-0411 ghostscript: stack-based buffer overflow in .seticcspace operator https://bugzilla.redhat.com/show_bug.cgi?id=431536 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update ghostscript' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at http://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-ann...
(Log in to post comments)