Mailinglist Archive: opensuse-security (487 mails)
| < Previous | Next > |
Re: [suse-security] Updated packages and ghostview/ghostscript flaws
- From: dproc@xxxxxxx
- Date: Wed, 16 Oct 2002 22:39:23 -0500
- Message-id: <20021016223923.B25309@swanage>
On Mon, 14 Oct 2002, Bonemach wrote:
> Hi
> I recently visited the update-pages of suse and noticed a lot of
> security-related packages that are related to flaws in Ghostview and
> ghostscript.
> Some of these packages I have never heard of (like cmap-adobe or
> CID-keyed-fonts). What are these packages and what is wrong with it? The
> descriptions on the site are not very detailled. Why should I update
> this stuff ?
It seems from the names that they are mostly related to Asian fonts,
and the info files say they are compiled from ghostscript sources
(which of course were just updated for the SAFER bug as the info file says.)
I downloaded one (CMap-Adobe-Identity) to find out more ... and I see
Description :
CMap (Character Map) files for the Adobe-Identity character collection.
but none of the CMap-Adobe nor CID-keyed rpms are on my 7.3
distribution CDs.
I couldn't google any docs (in English) for end-user install and use
of these files -- the closest I got was
http://examples.oreilly.com/cjkvinfo/adobe/00README
so any pointers to docs dumbed down for an anglocentric person who
doesn't know postscript font magic will be welcome
Any way, for now, they are enormous downloads and don't seem to offer
me more than simply updating
ghostscript-x11-6.51-159.i386
Maybe SuSE 7.3 sold in Japan had an extra CD with CJKV gs fonts ??
dproc
> Hi
> I recently visited the update-pages of suse and noticed a lot of
> security-related packages that are related to flaws in Ghostview and
> ghostscript.
> Some of these packages I have never heard of (like cmap-adobe or
> CID-keyed-fonts). What are these packages and what is wrong with it? The
> descriptions on the site are not very detailled. Why should I update
> this stuff ?
It seems from the names that they are mostly related to Asian fonts,
and the info files say they are compiled from ghostscript sources
(which of course were just updated for the SAFER bug as the info file says.)
I downloaded one (CMap-Adobe-Identity) to find out more ... and I see
Description :
CMap (Character Map) files for the Adobe-Identity character collection.
but none of the CMap-Adobe nor CID-keyed rpms are on my 7.3
distribution CDs.
I couldn't google any docs (in English) for end-user install and use
of these files -- the closest I got was
http://examples.oreilly.com/cjkvinfo/adobe/00README
so any pointers to docs dumbed down for an anglocentric person who
doesn't know postscript font magic will be welcome
Any way, for now, they are enormous downloads and don't seem to offer
me more than simply updating
ghostscript-x11-6.51-159.i386
Maybe SuSE 7.3 sold in Japan had an extra CD with CJKV gs fonts ??
dproc
| < Previous | Next > |