=========================================================== Ubuntu Security Notice USN-501-2 October 22, 2007 ghostscript, gs-gpl vulnerability CVE-2007-2721 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.10: gs-gpl 8.50-1.1ubuntu1.1 Ubuntu 7.04: gs-gpl 8.54.dfsg.1-5ubuntu0.1 Ubuntu 7.10: libgs8 8.61.dfsg.1~svn8187-0ubuntu3.2 In general, a standard system upgrade is sufficient to affect the necessary changes. Details follow: USN-501-1 fixed vulnerabilities in Jasper. This update provides the corresponding update for the Jasper internal to Ghostscript. Original advisory details: It was discovered that Jasper did not correctly handle corrupted JPEG2000 images. By tricking a user into opening a specially crafted JPG, a remote attacker could cause the application using libjasper to crash, resulting in a denial of service. Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1.diff.gz Size/MD5: 67825 24c3ba47de3d515ca06c2495bb392a7a http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1.dsc Size/MD5: 807 4eefa78e5095f42b9c5d494cf09428ef http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50.orig.tar.gz Size/MD5: 9981486 661cacc387fb908f434bfbf5eef5c0ce Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs_8.50-1.1ubuntu1.1_all.deb Size/MD5: 15070 fafff8ca5d1227f2b4b5c4fb226d39db amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1_amd64.deb Size/MD5: 3059950 e620f666142763b52140daa9726e449c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1_i386.deb Size/MD5: 2939748 04aa794409aceaac179d49ae87aee724 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1_powerpc.deb Size/MD5: 3055134 d205d74f25f95573dda3e21daebd623b sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1_sparc.deb Size/MD5: 2892774 6026412a02292a0a2a09b8749482087a Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1.diff.gz Size/MD5: 216563 5d9d6b6e7c2cb60324b8b22f814d2c1d http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1.dsc Size/MD5: 921 a79422b4b4da56292eb4a676a7c8a55c http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1.orig.tar.gz Size/MD5: 11695732 05938e26bfa8769e28cf2bb38efd9673 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs_8.54.dfsg.1-5ubuntu0.1_all.deb Size/MD5: 14476 73c8db82eb25a3fd7a0eaf4bfa00cf31 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1_amd64.deb Size/MD5: 5596628 2b28fd56fd5e92f957a62fb732f19051 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1_i386.deb Size/MD5: 5475346 991fc73a4134e80597aa43cc3bf94c6a powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1_powerpc.deb Size/MD5: 5598588 f4a3003bd4091995d9e810c466bfaf5f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1_sparc.deb Size/MD5: 5435454 674583e8010623b9a1bb2bb77c210b8d Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2.diff.gz Size/MD5: 41503 36559042166113bc1ae4517061b84a95 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2.dsc Size/MD5: 1223 e2ba739ac7a01b16ce4155f4cc40f09f http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187.orig.tar.gz Size/MD5: 11689594 7eadf4f53880e96a3846bd318a19d4c6 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-doc_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb Size/MD5: 2642016 fd3966dd9c8bfcdbf2baae653c45016b http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-esp-x_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb Size/MD5: 17988 7fbd17c2e97569bf9f421347cc9222a0 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-gpl_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb Size/MD5: 17986 7bcda0db9d9a35e0f33cd4c678e7127b http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb Size/MD5: 17978 50a88cbff15db43a130d1aac36ccae0e http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-esp-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb Size/MD5: 17996 ac5838f0de794084c51cb91067dcb94a http://security.ubuntu.com/ubuntu/pool/multiverse/g/ghostscript/gs-aladdin_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb Size/MD5: 17990 2a4b815e3a1ae3020ed5c197e23ccfef http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-common_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb Size/MD5: 17992 6b69c66e0197873188effa331e6bd609 http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb Size/MD5: 17984 7e4fcdd09587d654d1bfc9a936b811dd amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1~svn8187-0ubuntu3.2_amd64.deb Size/MD5: 52624 b3570401d8a6ba5f329941c9638e25fb http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2_amd64.deb Size/MD5: 744174 f729d0fc6175826b154ae6784783956a http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_amd64.deb Size/MD5: 26168 2ced73ab1d71a6cd845b6ddc8cbefe21 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1~svn8187-0ubuntu3.2_amd64.deb Size/MD5: 2274258 d9f7c3547d7c4aadba00bc87a169ec6d i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1~svn8187-0ubuntu3.2_i386.deb Size/MD5: 50944 d1f38c478568ad6faae8854ba21ad1b6 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2_i386.deb Size/MD5: 744088 0e408d5f43dfef4b4f34c3f3e482890b http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_i386.deb Size/MD5: 26166 fc555aca9cf72e07794b5f4285e7d37e http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1~svn8187-0ubuntu3.2_i386.deb Size/MD5: 2204436 6e2c8b208a144e3118d382be009fa2ee powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1~svn8187-0ubuntu3.2_powerpc.deb Size/MD5: 55926 2bf8c133c40b6272e00894a6733cb510 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2_powerpc.deb Size/MD5: 746418 a72d38818d3d8ee9e99dcd48537686a7 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_powerpc.deb Size/MD5: 26170 6daabc5a355d3ee00db2d61d7fabecaf http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1~svn8187-0ubuntu3.2_powerpc.deb Size/MD5: 2385980 d73b8d7f809757a7032462d4e84cca86 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1~svn8187-0ubuntu3.2_sparc.deb Size/MD5: 49962 ba32df2140be502377d97c61e09226a4 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2_sparc.deb Size/MD5: 744174 c17b090ca55a7e8474f83f73a9d4ad42 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_sparc.deb Size/MD5: 26170 84cdfccd6c4bcb264b936ba4257422a1 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1~svn8187-0ubuntu3.2_sparc.deb Size/MD5: 2185664 86158a2dd15d556b7bffde1bbaba1b09
Attachment:
signature.asc
Description: Digital signature