HylaFAX The world's most advanced open source fax server

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

[hylafax-users] Ghostscript vulnerability

This shouldn't cause any gross alarm to anyone, but as a security measure all HylaFAX administrators should be aware of a Ghostscript vulnerability announced today on bugtraq. The announcement does not state whether or not the Ghostscript development team has corrected the issue or not, but I do see various distributions coming out with their own patched versions of Ghostscript.

If you would like to follow this, I've started a bugzilla entry with Ghostscript's development team here:


In any case, I would advise all HylaFAX administrators to watch Ghostscript updates for their distributions during the next several days. Update and test HylaFAX (especially sending) afterwards. If you installed Ghostscript from source or from some other place which does not provide updates, then you should keep an eye on that bugzilla entry for a fix or extract and use a patch being used by one of the distributions for this issue.

The vulnerability for HylaFAX deployments is mitigated by the amount of trust in the allowed fax senders. If your sender pool is quite restricted and well-trusted then your exposure is quite limited. If your sender pool is quite open and untrusted (i.e. TPC cells) then you may be at greater risk.



____________________ HylaFAX(tm) Users Mailing List _______________________ To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null *To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*

Project hosted by iFAX Solutions