Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files.

Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default. (CVE-2010-4820)

Note: The fix for CVE-2010-4820 could possibly break existing configurations. To use the previous, vulnerable behavior, run Ghostscript with the "-P" option (to always search the current working directory first).

A flaw was found in the way Ghostscript interpreted PostScript Type 1 and PostScript Type 2 font files. An attacker could create a specially-crafted PostScript Type 1 or PostScript Type 2 font file that, when interpreted, could cause Ghostscript to crash or, potentially, execute arbitrary code. (CVE-2010-4054)

Users of Ghostscript are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
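
An added example (not part of the original advisory or of Ghostscript itself): a small POSIX shell audit that reports, for each Ghostscript invocation in a script, whether it passes "-P-", passes "-P", or relies on the default described above. The function names and the sample script lines are constructed for illustration, and treating the last of several "-P"/"-P-" options as the effective one is an assumption.

```shell
# Added example: audit gs invocations for the -P / -P- options in the advisory.

# classify_gs_args ARG...  prints one of:
#   safe        "-P-" given: the current directory is never searched
#   vulnerable  "-P" given: the current directory is searched first
#   default     neither: safe only where the updated packages are installed
# Assumption: when both options appear, the last one is the effective one.
classify_gs_args() (
    verdict=default
    for arg in "$@"; do
        case "$arg" in
            -P-) verdict=safe ;;
            -P)  verdict=vulnerable ;;
        esac
    done
    printf '%s\n' "$verdict"
)

# audit_lines: read script text on stdin and print "LINENO:VERDICT" for each
# line that runs gs (bare or by path). Comment lines are skipped. Words are
# split on whitespace only; shell quoting is not interpreted.
audit_lines() (
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f    # split into words without globbing
        case "${1:-}" in ''|'#'*) continue ;; esac
        while [ $# -gt 0 ]; do
            word=$1; shift
            case "$word" in
                gs|*/gs)
                    printf '%s:%s\n' "$lineno" "$(classify_gs_args "$@")"
                    break ;;
            esac
        done
    done
)

# Constructed sample input: a conversion job as it might sit in a cron script.
sample_jobs() {
    cat <<'EOF'
# nightly conversion; gs -P was used before the update
cd /var/spool/incoming
gs -q -dBATCH -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile=out.pdf in.ps
/usr/bin/gs -P -q -dBATCH report.ps
gs -P- -q -dBATCH -dNOPAUSE upload.ps
EOF
}

sample_jobs | audit_lines
```

Lines reported as "vulnerable" re-enable the pre-update search order and deserve review first; "default" lines are only as safe as the installed package version.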