openSUSE Security Update: ghostscript security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:0451-1 Rating: important References: #559122 #605043 #608071 Cross-References: CVE-2010-2055 Affected Products: openSUSE 11.3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: ghostscript by default read some initialization files from the current working directory. Local attackers could potentially exploit that to have other users execute arbitrary commands by placing such files e.g. in /tmp (CVE-2010-2055). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.3: zypper in -t patch ghostscript-devel-2726 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.3 (i586 src x86_64): ghostscript-library-8.70-15.1.1 - openSUSE 11.3 (i586 x86_64): ghostscript-devel-8.70-15.1.1 ghostscript-fonts-other-8.70-15.1.1 ghostscript-fonts-rus-8.70-15.1.1 ghostscript-fonts-std-8.70-15.1.1 ghostscript-ijs-devel-8.70-15.1.1 ghostscript-omni-8.70-15.1.1 ghostscript-x11-8.70-15.1.1 libgimpprint-4.2.7-15.1.1 libgimpprint-devel-4.2.7-15.1.1 References: http://support.novell.com/security/cve/CVE-2010-2055.html https://bugzilla.novell.com/559122 https://bugzilla.novell.com/605043 https://bugzilla.novell.com/608071