[OS X TeX] GhostScript 6 vulnerability (probably no great risk for TeX users)
Gerben Wierda
sherlock at rna.nl
Tue Jun 4 23:51:33 CEST 2002
There is a vulnerability in ghostscript below 6.53 (which I distribute
because of font problems with higher versions on Mac OS X). See
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363
My personal feeling on this is that if you use ghostscript only for
creating PDF from PS created by dvips from TeX documents you are not
very vulnerable, probably unless you use it on documents you got from
other persons that contain \specials containing arbitrary postscript
code.
My advice:
1. Use pdfTeX whenever possible
2. Use ghostscript 7 when you do not encounter the double-font
problem with it or use Acrobat instead of Mac OS X native tools for
display
3. Do not run ghostscript or a TeX frontend logged in as root
4. Only worry about this if you compile TeX documents that you have
not inspected/written yourself.
5. In case you worry: look at \special commands for .locksafe or
.setsafe
I will keep distributing gs6.01.
G
-----------------------------------------------------------------
Threaded list archives can be found at:
<http://www.masda.vxu.se/~pku/MacOSX_TeX/>
-----------------------------------------------------------------
To UNSUBSCRIBE, send email to <info at email.esm.psu.edu> with
"unsubscribe macosx-tex" (no quotes) in the body.
For additional HELP, send email to <info at email.esm.psu.edu> with
"help" (no quotes) in the body.
-----------------------------------------------------------------
More information about the macostex-archives
mailing list