Summary
The remote host is missing an update to ghostscript announced via advisory FEDORA-2009-3709.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update ghostscript' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-3709
Insight
Update Information:
This update fixes several security flaws: CVE-2009-0792 (multiple integer overflows and missing upper-bounds checks in icclib), CVE-2009-0196 (missing boundary check in jbig2dec library), and CVE-2008-6679 (buffer overflow in pdfwrite device).
ChangeLog:
* Wed Apr 15 2009 Tim Waugh 8.63-6
- Applied patch to fix CVE-2009-0792 (bug #491853).
- Applied patch to fix CVE-2009-0196 (bug #493379).
- Applied patch to fix CVE-2008-6679 (bug #493445).
* Fri Mar 20 2009 Tim Waugh 8.63-5
- Applied patch to fix CVE-2009-0583 (bug #487742) and CVE-2009-0584 (bug #487744).
References
Severity
Classification
-
CVE CVE-2008-6679, CVE-2009-0196, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities