Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 04 Jan 2012 06:56:36 -0500 (EST)
From: Ramon de C Valle <>
Cc: Vincent Danen <>, Tomas Hoger <>
Subject: CVE request: ghostscript: system initialization file uncontrolled search path element

Hi Kurt,

We identified and are separating the bugs discussed in Bug 599564[1] in two
different issues. Can you assign a CVE Identifier to the following issue:

Ghostscript included the current working directory in its library search
path by default. If a user ran Ghostscript without the "-P-" option in an
attacker-controlled directory containing a specially-crafted PostScript
library file, it could cause Ghostscript to execute arbitrary PostScript
code. With this update, Ghostscript no longer searches the current working
directory for library files by default.[1]



Ramon de C Valle / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ