+++ This bug was initially created as a clone of Bug #165354 +++
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-complicit attackers to execute arbitrary commands.
The Debian bug report has more information: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757
This issue should also affect FC3.
twaugh says we should probably use the -dPARANOIDSAFER option to also protect against unwanted reads.
I added the -dPARANOIDSAFER option to pstopnm. All seems to work fine with this option. It's fixed in rawhide for now.
FC3/FC4 errata for this issue are now out.
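An added example, not part of the bug report or of netpbm: a small audit check that flags Ghostscript command lines whose input would be interpreted without -dSAFER or -dPARANOIDSAFER in effect. The sample command lines are constructed, and the check assumes a Ghostscript that applies no file-access restrictions unless asked and that applies switches only to the files named after them.

```python
import os
import shlex

# Switches that turn Ghostscript's file-access restrictions on.
RESTRICT = {"-dSAFER", "-dPARANOIDSAFER"}
# Switches that turn them off again or defer them.
RELAX = {"-dNOSAFER", "-dDELAYSAFER"}
# Switches whose value is the following argument, not an input file.
TAKES_VALUE = {"-o"}

def classify(cmdline):
    """Return None for non-gs commands, else 'restricted' or 'unrestricted'."""
    argv = shlex.split(cmdline)
    if not argv or os.path.basename(argv[0]) != "gs":
        return None
    restricted = False
    args = iter(argv[1:])
    for tok in args:
        if tok in RESTRICT:
            restricted = True
        elif tok in RELAX:
            restricted = False
        elif tok in TAKES_VALUE:
            next(args, None)  # skip the switch's value
        elif tok == "-" or not tok.startswith("-"):
            # An input operand ("-" is stdin). Assumption: a switch given
            # later on the line does not apply to it. Tokens following -c
            # are PostScript code and are treated as input here as well.
            if not restricted:
                return "unrestricted"
    return "restricted" if restricted else "unrestricted"

def flag(lines):
    """1-based numbers of the lines that run Ghostscript unrestricted."""
    return [n for n, line in enumerate(lines, 1)
            if classify(line) == "unrestricted"]

# Constructed sample command lines, e.g. taken from process audit records.
SAMPLE = [
    "gs -q -dNOPAUSE -sDEVICE=pnmraw -sOutputFile=out.ppm -",
    "/usr/bin/gs -q -dNOPAUSE -dPARANOIDSAFER -sDEVICE=pnmraw -sOutputFile=out.ppm -",
    "gs -q -sDEVICE=pnmraw -sOutputFile=out.ppm in.ps -dSAFER",
    "gs -dSAFER -dNOSAFER -sDEVICE=pnmraw -sOutputFile=out.ppm in.ps",
    "convert in.ps out.png",
]

if __name__ == "__main__":
    print(flag(SAMPLE))
```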