Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Integration
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
  • Red Hat JBoss Data Virtualization
  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager
All Products
Red Hat Product Errata RHSA-2012:0096 - Security Advisory
Issued:
2012-02-02
Updated:
2012-02-02

RHSA-2012:0096 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: ghostscript security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated ghostscript packages that fix two security issues are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.

Ghostscript included the current working directory in its library search
path by default. If a user ran Ghostscript without the "-P-" option in an
attacker-controlled directory containing a specially-crafted PostScript
library file, it could cause Ghostscript to execute arbitrary PostScript
code. With this update, Ghostscript no longer searches the current working
directory for library files by default. (CVE-2010-4820)

Note: The fix for CVE-2010-4820 could possibly break existing
configurations. To use the previous, vulnerable behavior, run Ghostscript
with the "-P" option (to always search the current working directory
first).

A flaw was found in the way Ghostscript interpreted PostScript Type 1 and
PostScript Type 2 font files. An attacker could create a specially-crafted
PostScript Type 1 or PostScript Type 2 font file that, when interpreted,
could cause Ghostscript to crash or, potentially, execute arbitrary code.
(CVE-2010-4054)

Users of Ghostscript are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 646086 - CVE-2010-4054 ghostscript: glyph data access improper input validation
  • BZ - 771853 - CVE-2010-4820 ghostscript: CWD included in the default library search path

CVEs

  • CVE-2010-4820
  • CVE-2010-4054

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
ghostscript-7.07-33.13.el4.src.rpm SHA-256: aeca7cb6b7aa01c7b7f1ff460c027ef97d0fc8e0296173ea78459b0f6c0a842c
x86_64
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-7.07-33.13.el4.x86_64.rpm SHA-256: 4fcd1baa1912ecbee5b7c8d85e9f1df8b01d7bde04229f4e431eaa67d94a9b7a
ghostscript-7.07-33.13.el4.x86_64.rpm SHA-256: 4fcd1baa1912ecbee5b7c8d85e9f1df8b01d7bde04229f4e431eaa67d94a9b7a
ghostscript-devel-7.07-33.13.el4.x86_64.rpm SHA-256: 5e014545e1c2e4ff16f5b59dd78669896726a78f06ebf85c2911978f0573d801
ghostscript-devel-7.07-33.13.el4.x86_64.rpm SHA-256: 5e014545e1c2e4ff16f5b59dd78669896726a78f06ebf85c2911978f0573d801
ghostscript-gtk-7.07-33.13.el4.x86_64.rpm SHA-256: 980337aa40ba047cf1b954c7e33edce95e522f24cbac7153c84ec3f8d15903a3
ghostscript-gtk-7.07-33.13.el4.x86_64.rpm SHA-256: 980337aa40ba047cf1b954c7e33edce95e522f24cbac7153c84ec3f8d15903a3
ia64
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-7.07-33.13.el4.ia64.rpm SHA-256: 8f7fa65f355a8ce3c7ffd3a4cab2319d344a363dffb7b149191337bac97f9ce8
ghostscript-7.07-33.13.el4.ia64.rpm SHA-256: 8f7fa65f355a8ce3c7ffd3a4cab2319d344a363dffb7b149191337bac97f9ce8
ghostscript-devel-7.07-33.13.el4.ia64.rpm SHA-256: 2883b89b65cf80d278fd6968b8f2790797fb7ae4bfec777784cb08ea041fcf52
ghostscript-devel-7.07-33.13.el4.ia64.rpm SHA-256: 2883b89b65cf80d278fd6968b8f2790797fb7ae4bfec777784cb08ea041fcf52
ghostscript-gtk-7.07-33.13.el4.ia64.rpm SHA-256: 020e00c9b2407058d0af4fedbeb23c6b99c25c07a158b0b49ba1c37cb50f5d87
ghostscript-gtk-7.07-33.13.el4.ia64.rpm SHA-256: 020e00c9b2407058d0af4fedbeb23c6b99c25c07a158b0b49ba1c37cb50f5d87
i386
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-devel-7.07-33.13.el4.i386.rpm SHA-256: cd18984ae4667295a8c4f8c7a96887434c5d6b68e873f4fca4335a429275c08a
ghostscript-devel-7.07-33.13.el4.i386.rpm SHA-256: cd18984ae4667295a8c4f8c7a96887434c5d6b68e873f4fca4335a429275c08a
ghostscript-gtk-7.07-33.13.el4.i386.rpm SHA-256: bca7d508bacdc35c4f0b4013a1d765fd004df6dde1d6353d27bec6900e6b45e2
ghostscript-gtk-7.07-33.13.el4.i386.rpm SHA-256: bca7d508bacdc35c4f0b4013a1d765fd004df6dde1d6353d27bec6900e6b45e2

Red Hat Enterprise Linux Workstation 4

SRPM
ghostscript-7.07-33.13.el4.src.rpm SHA-256: aeca7cb6b7aa01c7b7f1ff460c027ef97d0fc8e0296173ea78459b0f6c0a842c
x86_64
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-7.07-33.13.el4.x86_64.rpm SHA-256: 4fcd1baa1912ecbee5b7c8d85e9f1df8b01d7bde04229f4e431eaa67d94a9b7a
ghostscript-devel-7.07-33.13.el4.x86_64.rpm SHA-256: 5e014545e1c2e4ff16f5b59dd78669896726a78f06ebf85c2911978f0573d801
ghostscript-gtk-7.07-33.13.el4.x86_64.rpm SHA-256: 980337aa40ba047cf1b954c7e33edce95e522f24cbac7153c84ec3f8d15903a3
ia64
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-7.07-33.13.el4.ia64.rpm SHA-256: 8f7fa65f355a8ce3c7ffd3a4cab2319d344a363dffb7b149191337bac97f9ce8
ghostscript-devel-7.07-33.13.el4.ia64.rpm SHA-256: 2883b89b65cf80d278fd6968b8f2790797fb7ae4bfec777784cb08ea041fcf52
ghostscript-gtk-7.07-33.13.el4.ia64.rpm SHA-256: 020e00c9b2407058d0af4fedbeb23c6b99c25c07a158b0b49ba1c37cb50f5d87
i386
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-devel-7.07-33.13.el4.i386.rpm SHA-256: cd18984ae4667295a8c4f8c7a96887434c5d6b68e873f4fca4335a429275c08a
ghostscript-gtk-7.07-33.13.el4.i386.rpm SHA-256: bca7d508bacdc35c4f0b4013a1d765fd004df6dde1d6353d27bec6900e6b45e2

Red Hat Enterprise Linux Desktop 4

SRPM
ghostscript-7.07-33.13.el4.src.rpm SHA-256: aeca7cb6b7aa01c7b7f1ff460c027ef97d0fc8e0296173ea78459b0f6c0a842c
x86_64
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-7.07-33.13.el4.x86_64.rpm SHA-256: 4fcd1baa1912ecbee5b7c8d85e9f1df8b01d7bde04229f4e431eaa67d94a9b7a
ghostscript-devel-7.07-33.13.el4.x86_64.rpm SHA-256: 5e014545e1c2e4ff16f5b59dd78669896726a78f06ebf85c2911978f0573d801
ghostscript-gtk-7.07-33.13.el4.x86_64.rpm SHA-256: 980337aa40ba047cf1b954c7e33edce95e522f24cbac7153c84ec3f8d15903a3
i386
ghostscript-7.07-33.13.el4.i386.rpm SHA-256: edd1b65ccb1ab4bce6bcc686ef9aa5984eb0b1b26254af2d28a197ee2a0d1dc2
ghostscript-devel-7.07-33.13.el4.i386.rpm SHA-256: cd18984ae4667295a8c4f8c7a96887434c5d6b68e873f4fca4335a429275c08a
ghostscript-gtk-7.07-33.13.el4.i386.rpm SHA-256: bca7d508bacdc35c4f0b4013a1d765fd004df6dde1d6353d27bec6900e6b45e2

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
ghostscript-7.07-33.13.el4.src.rpm SHA-256: aeca7cb6b7aa01c7b7f1ff460c027ef97d0fc8e0296173ea78459b0f6c0a842c
s390x
ghostscript-7.07-33.13.el4.s390.rpm SHA-256: a01e8000d7482c3f734827c261c9cf4cae80ae9b50103f94090b642230938cc6
ghostscript-7.07-33.13.el4.s390x.rpm SHA-256: eb66969056ac21e58f3029fe4a544dc9ea56d160ad2b1391089de92b25a44e6f
ghostscript-devel-7.07-33.13.el4.s390x.rpm SHA-256: 4f75c91c6747515935e0d1b51ffc14b5c9c658025a2c87c3f7547c6d37283436
ghostscript-gtk-7.07-33.13.el4.s390x.rpm SHA-256: d5f7d744fc8ced2af99210b32773a7c4ab14c904accc6afd2a990d7c990d4723
s390
ghostscript-7.07-33.13.el4.s390.rpm SHA-256: a01e8000d7482c3f734827c261c9cf4cae80ae9b50103f94090b642230938cc6
ghostscript-devel-7.07-33.13.el4.s390.rpm SHA-256: 9c5d8eb36a8c1774e080d2900992b4bbadec3b02f7d818ac0b6d0813cf94afb8
ghostscript-gtk-7.07-33.13.el4.s390.rpm SHA-256: b16916a7757f3993193948b8ee763bde650afb2b31856bdbee11884e272bd415

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ghostscript-7.07-33.13.el4.src.rpm SHA-256: aeca7cb6b7aa01c7b7f1ff460c027ef97d0fc8e0296173ea78459b0f6c0a842c
ppc
ghostscript-7.07-33.13.el4.ppc.rpm SHA-256: 35180707811f32cf1481bc8486e861424c18007340a7808e5d9ed4aac7ac2abd
ghostscript-7.07-33.13.el4.ppc64.rpm SHA-256: 190a87dc774b2a7c35b08c675053c797429ca87f6343bdefcbfbdf270f1db84f
ghostscript-devel-7.07-33.13.el4.ppc.rpm SHA-256: e21304602b9fa9b50d04287bc60e2b533fe8075cd2356566dc35d78e2223402d
ghostscript-gtk-7.07-33.13.el4.ppc.rpm SHA-256: 28986429bd02bcb2bc14f3af9f354810dd57b33e47dafd7bdc15dd0d09b95e7e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
Copyright © 2023 Red Hat, Inc.
  • Privacy Statement
  • Customer Portal Terms of Use
  • All Policies and Guidelines
Red Hat Summit
Twitter