[OS X TeX] GhostScript 6 vulnerability (probably no great risk for TeX users)

Gerben Wierda sherlock at rna.nl
Tue Jun 4 17:51:33 EDT 2002



There is a vulnerability in ghostscript below 6.53 (which I distribute 
because of font problems with higher versions on Mac OS X). See

> 	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363

My personal feeling on this is that if you use ghostscript only for 
creating PDF from PS created by dvips from TeX documents you are not 
very vulnerable, probably unless you use it on documents you got from 
other persons that contain \specials containing arbitrary postscript 
code.

My advice:
	1. Use pdfTeX whenever possible
	2. Use ghostscript 7 when you do not encounter the double-font 
problem with it or use Acrobat instead of Mac OS X native tools for 
display
	3. Do not run ghostscript or a TeX frontend logged in as root
	4. Only worry about this if you compile TeX documents that you have 
not inspected/written yourself.
	5. In case you worry: look at \special commands for .locksafe or 
.setsafe

I will keep distributing gs6.01.

G


-----------------------------------------------------------------
Threaded list archives can be found at:
<http://www.masda.vxu.se/~pku/MacOSX_TeX/>
-----------------------------------------------------------------
To UNSUBSCRIBE, send email to <info at email.esm.psu.edu> with
"unsubscribe macosx-tex" (no quotes) in the body.
For additional HELP, send email to <info at email.esm.psu.edu> with
"help" (no quotes) in the body.
-----------------------------------------------------------------




More information about the MacOSX-TeX mailing list