-----BEGIN PGP SIGNED MESSAGE-----

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2001.472 -- RHSA-2001:112-07
                 Printing exposes system files to reading.
                              7 November 2001

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                ghostscript
Vendor:                 Red Hat
Operating System:       Red Hat Linux 5.2
                        Red Hat Linux 6.2
                        Red Hat Linux 6.2J
                        Red Hat Linux 7.0
                        Red Hat Linux 7.0J
                        Red Hat Linux 7.1
Platform:               Alpha
                        i386
                        IA-64
                        Sparc
Impact:                 Access Privileged Data
Access Required:        Existing Account

- --------------------------BEGIN INCLUDED TEXT--------------------

- ---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Printing exposes system files to reading.
Advisory ID:       RHSA-2001:112-07
Issue date:        2001-09-24
Updated on:        2001-10-25
Product:           Red Hat Linux
Keywords:          Ghostscript lpr LPRng printing
Cross references:  
Obsoletes:         
- ---------------------------------------------------------------------

1. Topic:

When used in a spooling environment, it is inappropriate to allow programs
to read arbitrary files as a result of print requests. Ghostscript, a
postscript interpreter, can read arbitrary system files with the same
permissions as the print spooler, potentially exposing the system to an
information compromise.

2. Relevant releases/architectures:

Red Hat Linux 5.2 - alpha, i386, noarch, sparc

Red Hat Linux 6.2 - alpha, i386, noarch, sparc

Red Hat Linux 6.2J - i386, noarch

Red Hat Linux 7.0 - alpha, i386, noarch

Red Hat Linux 7.0J - i386, noarch

Red Hat Linux 7.1 - alpha, i386, ia64

3. Problem description:

Ghostscript, a postscript interpreter, possess various 'file', 'run',
etc., commands internally. It also provides a -dSAFER flag to restrict the
use of the commands. However, the -dSAFER flag is meant to protect a user
from malicious postscript, not to protect a system from inappropriate
snooping by a user, and so it is still possible to _read_ files in the
SAFER mode.

In a print spooling context, even reading arbitrary files is dangerous, and
so this needs to be disabled in that context.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

After updating the packages, the spool filter will have to be repaired to
use the -dPARANOIDSAFER mode, IF and only IF you have modified the spools
from what printtool provided. If this is the case, delete the spool queue,
and simply re-add it.

Custom filters and processes can make use of this mode by setting and
exporting the GS_OPTIONS environment variable to contain -dPARANOIDSAFER,
or by adding -dPARANOIDSAFER to the command line call to ghostscript.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Linux 5.2:

SRPMS:
ftp://updates.redhat.com/5.2/en/os/SRPMS/ghostscript-4.03-4.src.rpm
ftp://updates.redhat.com/5.2/en/os/SRPMS/printtool-3.29-4.src.rpm
ftp://updates.redhat.com/5.2/en/os/SRPMS/rhs-printfilters-1.46-5.src.rpm

alpha:
ftp://updates.redhat.com/5.2/en/os/alpha/ghostscript-4.03-4.alpha.rpm
ftp://updates.redhat.com/5.2/en/os/alpha/rhs-printfilters-1.46-5.alpha.rpm

i386:
ftp://updates.redhat.com/5.2/en/os/i386/ghostscript-4.03-4.i386.rpm
ftp://updates.redhat.com/5.2/en/os/i386/rhs-printfilters-1.46-5.i386.rpm

noarch:
ftp://updates.redhat.com/5.2/en/os/noarch/printtool-3.29-4.noarch.rpm

sparc:
ftp://updates.redhat.com/5.2/en/os/sparc/ghostscript-4.03-4.sparc.rpm
ftp://updates.redhat.com/5.2/en/os/sparc/rhs-printfilters-1.46-5.sparc.rpm

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/ghostscript-5.50-19.rh6.2.src.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/printtool-3.44-2.src.rpm
ftp://updates.redhat.com/6.2/en/os/SRPMS/rhs-printfilters-1.63-2.rh6.2.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/ghostscript-5.50-19.rh6.2.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/rhs-printfilters-1.63-2.rh6.2.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/os/i386/ghostscript-5.50-19.rh6.2.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/rhs-printfilters-1.63-2.rh6.2.i386.rpm

noarch:
ftp://updates.redhat.com/6.2/en/os/noarch/printtool-3.44-2.noarch.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/ghostscript-5.50-19.rh6.2.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/rhs-printfilters-1.63-2.rh6.2.sparc.rpm

Red Hat Linux 6.2J:

SRPMS:
ftp://updates.redhat.com/6.2J/ja/os/SRPMS/ghostscript-5.50-19.rh6.2j.src.rpm
ftp://updates.redhat.com/6.2J/ja/os/SRPMS/printtool-3.42-4.src.rpm
ftp://updates.redhat.com/6.2J/ja/os/SRPMS/rhs-printfilters-1.63-2.rh6.2j.src.rpm

i386:
ftp://updates.redhat.com/6.2J/ja/os/i386/ghostscript-5.50-19.rh6.2j.i386.rpm
ftp://updates.redhat.com/6.2J/ja/os/i386/rhs-printfilters-1.63-2.rh6.2j.i386.rpm

noarch:
ftp://updates.redhat.com/6.2J/ja/os/noarch/printtool-3.42-4.noarch.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/ghostscript-5.50-19.rh7.0.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/printtool-3.54-2.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/rhs-printfilters-1.81-2.rh7.0.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/ghostscript-5.50-19.rh7.0.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/rhs-printfilters-1.81-2.rh7.0.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/ghostscript-5.50-19.rh7.0.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/rhs-printfilters-1.81-2.rh7.0.i386.rpm

noarch:
ftp://updates.redhat.com/7.0/en/os/noarch/printtool-3.54-2.noarch.rpm

Red Hat Linux 7.0J:

SRPMS:
ftp://updates.redhat.com/7.0J/ja/os/SRPMS/printtool-3.54-2j.src.rpm
ftp://updates.redhat.com/7.0J/ja/os/SRPMS/rhs-printfilters-1.81-2.rh7.0j.src.rpm

i386:
ftp://updates.redhat.com/7.0J/ja/os/i386/rhs-printfilters-1.81-2.rh7.0j.i386.rpm

noarch:
ftp://updates.redhat.com/7.0J/ja/os/noarch/printtool-3.54-2j.noarch.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/ghostscript-5.50-19.rh7.1.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/printconf-0.2.15-2.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/ghostscript-5.50-19.rh7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/printconf-0.2.15-2.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/printconf-gui-0.2.15-2.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/ghostscript-5.50-19.rh7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/printconf-0.2.15-2.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/printconf-gui-0.2.15-2.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/ghostscript-5.50-19.rh7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/printconf-0.2.15-2.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/printconf-gui-0.2.15-2.ia64.rpm



7. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
1e2e4ac0ea5e8dd82b2e1d36b79c34f2 5.2/en/os/SRPMS/ghostscript-4.03-4.src.rpm
9909205f309ddb5e065be9c1320dd8b1 5.2/en/os/SRPMS/printtool-3.29-4.src.rpm
4e81383b18e4a8a20f073ab0f9e05503 5.2/en/os/SRPMS/rhs-printfilters-1.46-5.src.rpm
e5b9efa88914c71b24295af6211b3efd 5.2/en/os/alpha/ghostscript-4.03-4.alpha.rpm
028d6a97fe5df29c997590f54f52be44 5.2/en/os/alpha/rhs-printfilters-1.46-5.alpha.rpm
0ab69b43209d09741f6d044746eb241e 5.2/en/os/i386/ghostscript-4.03-4.i386.rpm
ed616c9006187c81fa97cab003848c44 5.2/en/os/i386/rhs-printfilters-1.46-5.i386.rpm
ae34fdede9dec34e147773083d6044bc 5.2/en/os/noarch/printtool-3.29-4.noarch.rpm
10d6eea0b77c170d52a45b891f2359e0 5.2/en/os/sparc/ghostscript-4.03-4.sparc.rpm
31d64375dc91fd7454c03314440e359b 5.2/en/os/sparc/rhs-printfilters-1.46-5.sparc.rpm
248661d383b62af3d3208ef430bbb523 6.2/en/os/SRPMS/ghostscript-5.50-19.rh6.2.src.rpm
3938d1c2b436e06990b4853cd721da4f 6.2/en/os/SRPMS/printtool-3.44-2.src.rpm
e6023c6d823bf32d6abfa2e7d0b0fe45 6.2/en/os/SRPMS/rhs-printfilters-1.63-2.rh6.2.src.rpm
e631891fce4cec7e2dc0121b68d3f738 6.2/en/os/alpha/ghostscript-5.50-19.rh6.2.alpha.rpm
43ad46318ba1d69eeecd214657b18a30 6.2/en/os/alpha/rhs-printfilters-1.63-2.rh6.2.alpha.rpm
d4272031c27f633bc34dd4b451381ab8 6.2/en/os/i386/ghostscript-5.50-19.rh6.2.i386.rpm
cc108d061650e5cce2ded7439f408f18 6.2/en/os/i386/rhs-printfilters-1.63-2.rh6.2.i386.rpm
94a95c0be1a72b173b6d51f8096b8e58 6.2/en/os/noarch/printtool-3.44-2.noarch.rpm
9fbaaee462404c30775cd2e9bc0adbd5 6.2/en/os/sparc/ghostscript-5.50-19.rh6.2.sparc.rpm
26ccc02bef27497bd967dd28c74c01f2 6.2/en/os/sparc/rhs-printfilters-1.63-2.rh6.2.sparc.rpm
8f8714585f711b8b8bc1c2cd783472a1 6.2J/ja/os/SRPMS/ghostscript-5.50-19.rh6.2j.src.rpm
e191a1a78b5bdf916bcacb5c21419471 6.2J/ja/os/SRPMS/printtool-3.42-4.src.rpm
a67f631e55af86b229a1d731df3bf3d6 6.2J/ja/os/SRPMS/rhs-printfilters-1.63-2.rh6.2j.src.rpm
2cbad9d8965365ba8704ff728e32b2ca 6.2J/ja/os/i386/ghostscript-5.50-19.rh6.2j.i386.rpm
4c929d275733e10b5b17b34916eb2e85 6.2J/ja/os/i386/rhs-printfilters-1.63-2.rh6.2j.i386.rpm
c5c8e9ff4171a3eb69b9e17724015345 6.2J/ja/os/noarch/printtool-3.42-4.noarch.rpm
5db34e8b133397de814eb9aac4b9eb49 7.0/en/os/SRPMS/ghostscript-5.50-19.rh7.0.src.rpm
b74adc24a474d17db984da3ddc3eb3b1 7.0/en/os/SRPMS/printtool-3.54-2.src.rpm
2824a0c17f97c758ef503c97d55839c7 7.0/en/os/SRPMS/rhs-printfilters-1.81-2.rh7.0.src.rpm
85ded059428a30beec706275906aaad4 7.0/en/os/alpha/ghostscript-5.50-19.rh7.0.alpha.rpm
7fc94c195c1bdb9548aa44413ee8a46b 7.0/en/os/alpha/rhs-printfilters-1.81-2.rh7.0.alpha.rpm
4853a8a763df075ab5fdfee5121855fe 7.0/en/os/i386/ghostscript-5.50-19.rh7.0.i386.rpm
e21256ce9c79052b97aee1a3f24bb53b 7.0/en/os/i386/rhs-printfilters-1.81-2.rh7.0.i386.rpm
ea13fc93f0346f87f70763a7cf2dd645 7.0/en/os/noarch/printtool-3.54-2.noarch.rpm
2571c3d15b6bc025ea5faa5a84c7417f 7.0J/ja/os/SRPMS/printtool-3.54-2j.src.rpm
2c40f9f8934e3925671f09d69c33874f 7.0J/ja/os/SRPMS/rhs-printfilters-1.81-2.rh7.0j.src.rpm
1265517c73da2aae204cdc207b03443a 7.0J/ja/os/i386/rhs-printfilters-1.81-2.rh7.0j.i386.rpm
afb8db5574e0f668675565b994d9a69a 7.0J/ja/os/noarch/printtool-3.54-2j.noarch.rpm
166bdd66ca50f93a339511f3f3e9d2e6 7.1/en/os/SRPMS/ghostscript-5.50-19.rh7.1.src.rpm
3d2ec6dc7e1479eff9c1850d13b0306e 7.1/en/os/SRPMS/printconf-0.2.15-2.src.rpm
ebb20c363cbf63112f515af2153d2e59 7.1/en/os/alpha/ghostscript-5.50-19.rh7.1.alpha.rpm
a0dfc995d0648230e1648f616010904b 7.1/en/os/alpha/printconf-0.2.15-2.alpha.rpm
c5f127f4ab3a2964d8d4fa990c8a5d66 7.1/en/os/alpha/printconf-gui-0.2.15-2.alpha.rpm
aab6f7a301909bb2eae04d5ab7b87d5d 7.1/en/os/i386/ghostscript-5.50-19.rh7.1.i386.rpm
a2b7f27e31b71218703cb68f95355e24 7.1/en/os/i386/printconf-0.2.15-2.i386.rpm
b20e1817f9b81ba5503c9864588e2f92 7.1/en/os/i386/printconf-gui-0.2.15-2.i386.rpm
591db681b2312d5101e3a97e4ad26b6d 7.1/en/os/ia64/ghostscript-5.50-19.rh7.1.ia64.rpm
274bbba826571dccae6dbda1f6a73d37 7.1/en/os/ia64/printconf-0.2.15-2.ia64.rpm
19aeb3b64f695b6f0343661173fff3d5 7.1/en/os/ia64/printconf-gui-0.2.15-2.ia64.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:




Copyright(c) 2000, 2001 Red Hat, Inc.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.  The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

	http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).

Internet Email: auscert@auscert.org.au
Facsimile:	(07) 3365 7031
Telephone:	(07) 3365 4417 (International: +61 7 3365 4417)
		AusCERT personnel answer during Queensland business hours
		which are GMT+10:00 (AEST).
		On call after hours for emergencies.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key

iQCVAwUBO+ls+yh9+71yA2DNAQFetwP8DWJu4fVZRcu3WFSmiIJgQKIe29zp8ZPJ
WCdotTcwRAMEbaIFyivjNQxnqGEBgZJsmvYrJwsbD6nZWLNZj7VsNonfRi7UV86V
JpnhI8ZakpKlJPyWPGKGstRc6uyR+ChI8+XmTncfXNnQ82ByioT9p7pNEb0TgLgB
qCrGq4eS20Q=
=2L9X
-----END PGP SIGNATURE-----