Updated ghostscript packages that fix a security issue are now available
for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Ghostscript is a program for displaying PostScript files, or printing them
to non-PostScript printers.
Chris Evans from the Google Security Team reported a stack-based buffer
overflow flaw in Ghostscript's zseticcspace() function. An attacker could
create a malicious PostScript file that would cause Ghostscript to execute
arbitrary code when opened. (CVE-2008-0411)
These updated packages also fix a bug, which prevented the pxlmono printer
driver from producing valid output on Red Hat Enterprise Linux 4.
All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to resolve these issues.