RHBA-2009:1257 - Bug Fix Advisory

Topic

A ghostscript update that fixes several bugs is now available.

Description

The Ghostscript suite provides a PostScript(TM) interpreter, a set of C
procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language), and an interpreter for PDF files.
Ghostscript translates PostScript code into many common, bitmapped formats,
like those understood by most printers and displays. This enables users to
display PostScript files and print them on non-PostScript printers.

This update applies the following fixes:

• an incorrect offset computation that occurred when handling subglyphs

made it possible for ghostscript to read uninitialized data. When this
occurred, ghostscript would crash with a segmentation fault. This update
corrects the offset computation, preventing ghostscript from reading
uninitialized data. (BZ#450717)

• the way that the Ghostscript source code used pointer aliasing could

produce unexpected results when strict aliasing optimizations are in use.
To avoid problems, this ghostscript update was built using the

• fno-strict-aliasing option, which disables strict aliasing optimization.

(BZ#465960)

• a typographical error in the gsiparam.h header file made it possible for

some PDF files to cause ghostscript to fall into an infinite loop. This
update fixes the error. (BZ#473889)

• the gdevpsu.c source file incorrectly defined the point size of A3 pages,

which sometimes resulted in incorrect document page sizes. This update
fixes the point size definition error , ensuring that A3 pages are always
printed with the correct size. (BZ#480978)

• this update corrects how the cvrs PostScript operator performs sign

extensions. This fix prevents range errors from occurring on 64-bit
platforms. (BZ#488127)

• this update also fixes ColorSpace initialization in the InkJet Server

(IJS) driver, which is used by hpijs and gimp-print drivers in some
configurations. In previous releases, print jobs that did not initialize
ColorSpace failed whenever they used Ghostscript to render and print PDFs
on devices that used the ijs driver. (BZ#504254)

Users of ghostscript are advised to apply this update.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 450717 - ghostscript segfaults, can't print
• BZ - 465960 - build with -fno-strict-aliasing
• BZ - 473889 - ghostscript hangs on some PDF files
• BZ - 480978 - A3 pagesize pointsize definition wrong in gdevpsu.c
• BZ - 488127 - [RHEL5] ghostscript /rangecheck in --cvrs--

CVEs

(none)

References

(none)