Ghostscript included the current working directory in its library search path by default. If a user ran Ghostscript without the "-P-" option in an attacker-controlled directory containing a specially-crafted PostScript library file, it could cause Ghostscript to execute arbitrary PostScript code. With this update, Ghostscript no longer searches the current working directory for library files by default. (CVE-2010-4820) Note: The fix for CVE-2010-4820 could possibly break existing configurations. To use the previous, vulnerable behavior, run Ghostscript with the "-P" option (to always search the current working directory first).
This issue was originally tracked with CVE-2010-2055 via bug #599564. It got a separate CVE id, as it is separate issue, see e.g.: http://thread.gmane.org/gmane.comp.security.oss.general/2973/focus=3354 Issue was tracked upstream in: http://bugs.ghostscript.com/show_bug.cgi?id=691339 Following upstream commit changes ghostscript's default to not include CWD in the library search path by default (SEARCH_HERE_FIRST=0 if the default now): http://svn.ghostscript.com/viewvc?view=rev&revision=11494 Flaw type: CWE-427: Uncontrolled Search Path Element http://cwe.mitre.org/data/definitions/427.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2012:0096 https://rhn.redhat.com/errata/RHSA-2012-0096.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:0095 https://rhn.redhat.com/errata/RHSA-2012-0095.html