Sunday, March 2, 2008

Security Fix: Ghostscript

Another security fix has been released by the Slackware Security team. This time, ghostscript was found vulnerable, thus being upgraded to the latest version. With this batch of updates, also comes several updates, including gtk+2, pilot-link, hicolor-icon-theme, and also xpdf. Here's the latest -Current changelog
Sun Mar 2 03:34:48 CST 2008
ap/ghostscript-8.62-i486-1.tgz: Upgraded to ghostscript-8.62.
This new release of GPL Ghostscript fixes a buffer overflow.
Thanks very much to ABE Shin-ichi for configuring and testing much improved support for CJK output! :-)
For more information on the security issue, please see:
http://scary.beasts.org/security/CESA-2008-001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
Thanks to Chris Evans and Will Drewry of Google Security for their work on discovering and demonstrating the overflow.
(* Security fix *)

l/gtk+2-2.12.8-i486-2.tgz: Patched to fix Flash in Konqueror.
Thanks to Guido Ascioti for the bug report and fix.

l/hicolor-icon-theme-0.10-noarch-1.tgz: Since XFce adds a few hicolor icons of its own, make sure the hicolor icon-cache is updated at the end of the installation. Thanks to Michael Wagner for the bug report.

l/pilot-link-0.12.3-i486-2.tgz: Fixed missing perl modules and man pages.
Thanks to Ismael Cortes for the report.

xap/xpdf-3.02pl2-i486-2.tgz: Added support for Arabic, simplified and traditional Chinese, Hebrew, Japanese, Korean, Thai, and Turkish (in addition to the Cyrillic, Greek, and Latin2 support that had already been included).
Thanks again to ABE Shin-ichi for configuring Japanese support, providing a supurb example for including all the additional language support. :-)