New ghostscript packages fixing a command execution vulnerability are now available.
GNU Ghostscript is an interpreter for the PostScript language, and is often used when printing to printers that do not have their own built-in PostScript interpreter. A flaw in unpatched versions of Ghostscript before 7.07 allows malicious postscript files to execute arbitrary commands even with -dSAFER enabled. Note that this vulnerability does not affect Ghostscript when the Red Hat -dPARANOIDSAFER option is used. Therefore, a malicious print job cannot be used to exploit this vulnerability under Red Hat Linux. Users of Ghostscript are advised to upgrade to these updated packages, which contain a backported patch and are not vulnerable to this issue.