[ MDVSA-2008:055 ] - Updated ghostscript packages fix arbitrary code execution vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:055
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ghostscript
Date : February 29, 2008
Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
Chris Evans found a buffer overflow condition in Ghostscript, which can
lead to arbitrary code execution as the user running any application
using it to process a maliciously crafted Postscript file.
The updated packages have been patched to prevent this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
adc368d980c87e91a980e485fb4e354d
2007.0/i586/ghostscript-8.15-47.1mdv2007.0.i586.rpm
f46e26b01e4680e08df41f74aeb72f74
2007.0/i586/ghostscript-X-8.15-47.1mdv2007.0.i586.rpm
868b81c842717472ee1c6b3e968b9299
2007.0/i586/ghostscript-common-8.15-47.1mdv2007.0.i586.rpm
59e54a2acbba194ef3e322db75fb3eae
2007.0/i586/ghostscript-dvipdf-8.15-47.1mdv2007.0.i586.rpm
03393c9564dfe104169618f8132e76c7
2007.0/i586/ghostscript-module-X-8.15-47.1mdv2007.0.i586.rpm
476b2b85012f5671577f691981b70cb6
2007.0/i586/libgs8-8.15-47.1mdv2007.0.i586.rpm
edaca05744d4e3e06ece218f096d318b
2007.0/i586/libgs8-devel-8.15-47.1mdv2007.0.i586.rpm
4f3095b54b404cb51a351b8fd36a58c6
2007.0/i586/libijs1-0.35-47.1mdv2007.0.i586.rpm
4fc99d3d1365a0f64e8828c0389396e2
2007.0/i586/libijs1-devel-0.35-47.1mdv2007.0.i586.rpm
e87895f43a658ff693dd890f70cac645
2007.0/SRPMS/ghostscript-8.15-47.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
0258f184c3bec2d9361a8ef20def2603
2007.0/x86_64/ghostscript-8.15-47.1mdv2007.0.x86_64.rpm
ecd4058e54b39c09ec7c5d4ab7cd8e6b
2007.0/x86_64/ghostscript-X-8.15-47.1mdv2007.0.x86_64.rpm
cc0f588e9b3abbed1f04296410361ad2
2007.0/x86_64/ghostscript-common-8.15-47.1mdv2007.0.x86_64.rpm
d3a23bc6a83a50a04336757f856df761
2007.0/x86_64/ghostscript-dvipdf-8.15-47.1mdv2007.0.x86_64.rpm
916ea2a068afaf69a8dcb182ae409098
2007.0/x86_64/ghostscript-module-X-8.15-47.1mdv2007.0.x86_64.rpm
ab38b291e058f0fe93b35d647845d696
2007.0/x86_64/lib64gs8-8.15-47.1mdv2007.0.x86_64.rpm
35c21066635384bc779d7191421dbdec
2007.0/x86_64/lib64gs8-devel-8.15-47.1mdv2007.0.x86_64.rpm
565329aff7352e288bd013255a8ab2c0
2007.0/x86_64/lib64ijs1-0.35-47.1mdv2007.0.x86_64.rpm
5e9b515501e6cd3c85bba86e124f709d
2007.0/x86_64/lib64ijs1-devel-0.35-47.1mdv2007.0.x86_64.rpm
e87895f43a658ff693dd890f70cac645
2007.0/SRPMS/ghostscript-8.15-47.1mdv2007.0.src.rpm
Mandriva Linux 2007.1:
8fcddc25006640ddefc391d31b08ce2b
2007.1/i586/ghostscript-8.15-48.1mdv2007.1.i586.rpm
c7e24d11078548da50369047e1fdecb3
2007.1/i586/ghostscript-X-8.15-48.1mdv2007.1.i586.rpm
d9445eab4bb7e790448c4c802d941dbe
2007.1/i586/ghostscript-common-8.15-48.1mdv2007.1.i586.rpm
493426cfe807f8ca889a96ee458bcc3a
2007.1/i586/ghostscript-doc-8.15-48.1mdv2007.1.i586.rpm
62a0643bb8cd0e0844509493668a4953
2007.1/i586/ghostscript-dvipdf-8.15-48.1mdv2007.1.i586.rpm
c4464465d644514bfdf0a4bc625f0119
2007.1/i586/ghostscript-module-X-8.15-48.1mdv2007.1.i586.rpm
eed89d0bc2cc95e9adc672fdd59ebb31
2007.1/i586/libgs8-8.15-48.1mdv2007.1.i586.rpm
ea8dd403702adc9253a59486281f8e56
2007.1/i586/libgs8-devel-8.15-48.1mdv2007.1.i586.rpm
b49d72f566ab385207a7c45b3a803d5c
2007.1/i586/libijs1-0.35-48.1mdv2007.1.i586.rpm
e957af9ea00fa1af8a88bcad71b00da5
2007.1/i586/libijs1-devel-0.35-48.1mdv2007.1.i586.rpm
ce698dd8e3d6ffa4dac9c85c6774b705
2007.1/SRPMS/ghostscript-8.15-48.1mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64:
041a2281e9eee26da6ebfed6a5afff5d
2007.1/x86_64/ghostscript-8.15-48.1mdv2007.1.x86_64.rpm
b77a5f0e94637e71c201f309598b6177
2007.1/x86_64/ghostscript-X-8.15-48.1mdv2007.1.x86_64.rpm
308aebd935159313d40540d16786a541
2007.1/x86_64/ghostscript-common-8.15-48.1mdv2007.1.x86_64.rpm
4d16151cdfde9be0cb0b58c39252284f
2007.1/x86_64/ghostscript-doc-8.15-48.1mdv2007.1.x86_64.rpm
396d6d44f50c0fedc9cd835f072b1149
2007.1/x86_64/ghostscript-dvipdf-8.15-48.1mdv2007.1.x86_64.rpm
37bb1f718fdac868711860cb209388d1
2007.1/x86_64/ghostscript-module-X-8.15-48.1mdv2007.1.x86_64.rpm
d618f0081f802f928e4575c84525eebb
2007.1/x86_64/lib64gs8-8.15-48.1mdv2007.1.x86_64.rpm
47347d420281dcc1a1c4fb73fbb9b8dc
2007.1/x86_64/lib64gs8-devel-8.15-48.1mdv2007.1.x86_64.rpm
57ea6726ce602cbca5bdf2ab1b70b687
2007.1/x86_64/lib64ijs1-0.35-48.1mdv2007.1.x86_64.rpm
92e04164225636994f9b21c9f97275ed
2007.1/x86_64/lib64ijs1-devel-0.35-48.1mdv2007.1.x86_64.rpm
ce698dd8e3d6ffa4dac9c85c6774b705
2007.1/SRPMS/ghostscript-8.15-48.1mdv2007.1.src.rpm
Mandriva Linux 2008.0:
49b3afcb2d92004226453776f86d17f8
2008.0/i586/ghostscript-8.60-55.2mdv2008.0.i586.rpm
e2e0127a7511268838d6a72fd64e30cb
2008.0/i586/ghostscript-X-8.60-55.2mdv2008.0.i586.rpm
2c721049901d8cf168401845bafba9b4
2008.0/i586/ghostscript-common-8.60-55.2mdv2008.0.i586.rpm
06ad5f88130df04bbe60e36672cc4a9b
2008.0/i586/ghostscript-doc-8.60-55.2mdv2008.0.i586.rpm
aa6252821371a033bb0f49af4de19bb7
2008.0/i586/ghostscript-dvipdf-8.60-55.2mdv2008.0.i586.rpm
a3d50d5c5f66ff75de173834d1983add
2008.0/i586/ghostscript-module-X-8.60-55.2mdv2008.0.i586.rpm
4c8656b63ec3bbd34b71c7597b8a837b
2008.0/i586/libgs8-8.60-55.2mdv2008.0.i586.rpm
69c92737c6549de960e1bf00de202249
2008.0/i586/libgs8-devel-8.60-55.2mdv2008.0.i586.rpm
a190981ad1630c4e12a12b8bc4c12473
2008.0/i586/libijs1-0.35-55.2mdv2008.0.i586.rpm
7f9fa011cff43f74e31e3d93f95c55ce
2008.0/i586/libijs1-devel-0.35-55.2mdv2008.0.i586.rpm
e6b171ef6814b45477e23182d9ddf2a7
2008.0/SRPMS/ghostscript-8.60-55.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
500b80761ac353d23731d984def68d92
2008.0/x86_64/ghostscript-8.60-55.2mdv2008.0.x86_64.rpm
3bab68bda03832898311b25d6c6b0965
2008.0/x86_64/ghostscript-X-8.60-55.2mdv2008.0.x86_64.rpm
8d99e0abd15cd8b44fb0e06120d349a1
2008.0/x86_64/ghostscript-common-8.60-55.2mdv2008.0.x86_64.rpm
99b1af93ba073df5eec2fabd799c8d67
2008.0/x86_64/ghostscript-doc-8.60-55.2mdv2008.0.x86_64.rpm
a2594bed986560418a6cce0ad6f8cf8f
2008.0/x86_64/ghostscript-dvipdf-8.60-55.2mdv2008.0.x86_64.rpm
3179463b7984f6bacae246fd25c5e3f5
2008.0/x86_64/ghostscript-module-X-8.60-55.2mdv2008.0.x86_64.rpm
2fdc402ed4634389ba3f50afaded1513
2008.0/x86_64/lib64gs8-8.60-55.2mdv2008.0.x86_64.rpm
2886de34c01602470cc83db8c9888969
2008.0/x86_64/lib64gs8-devel-8.60-55.2mdv2008.0.x86_64.rpm
565a37afc54d44c24f8309c1804883d0
2008.0/x86_64/lib64ijs1-0.35-55.2mdv2008.0.x86_64.rpm
85b9a2494b2818d781688bbb97eeda28
2008.0/x86_64/lib64ijs1-devel-0.35-55.2mdv2008.0.x86_64.rpm
e6b171ef6814b45477e23182d9ddf2a7
2008.0/SRPMS/ghostscript-8.60-55.2mdv2008.0.src.rpm
Corporate 3.0:
0740a55ffc51583ece0c3d6a2ec15a4f
corporate/3.0/i586/cups-drivers-1.1-138.5.C30mdk.i586.rpm
da2dd1210913a6a99575c0f79c38691c
corporate/3.0/i586/foomatic-db-3.0.1-0.20040828.1.5.C30mdk.i586.rpm
ebb4038eed47554cad5650625e0ae9aa
corporate/3.0/i586/foomatic-db-engine-3.0.1-0.20040828.1.5.C30mdk.i586.rpm
284b88a6d93768260eabca912516ae57
corporate/3.0/i586/foomatic-filters-3.0.1-0.20040828.1.5.C30mdk.i586.rpm
55fc4a04e6639dab571812a829dc7a1e
corporate/3.0/i586/ghostscript-7.07-19.5.C30mdk.i586.rpm
d994fe4547f5715c4acd6eb1dc61193d
corporate/3.0/i586/ghostscript-module-X-7.07-19.5.C30mdk.i586.rpm
900629317203474f65c061282906212d
corporate/3.0/i586/gimpprint-4.2.7-2.5.C30mdk.i586.rpm
ee1e4e01f9c21fdf6de1a277fb24ed3f
corporate/3.0/i586/libgimpprint1-4.2.7-2.5.C30mdk.i586.rpm
d7a1d015ed9891d1561e35e02f81a7a9
corporate/3.0/i586/libgimpprint1-devel-4.2.7-2.5.C30mdk.i586.rpm
8e7ef9c19423f72e9966fb156a32baca
corporate/3.0/i586/libijs0-0.34-76.5.C30mdk.i586.rpm
57b58d4e30c79d1d4b7451722cc162da
corporate/3.0/i586/libijs0-devel-0.34-76.5.C30mdk.i586.rpm
9fab5e7e01363d2255254289b78b3bab
corporate/3.0/i586/printer-filters-1.0-138.5.C30mdk.i586.rpm
231e989605b33feccfb79ba1fe7d0ec3
corporate/3.0/i586/printer-testpages-1.0-138.5.C30mdk.i586.rpm
d4893b06e30cffd02a7166a49628ef22
corporate/3.0/i586/printer-utils-1.0-138.5.C30mdk.i586.rpm
45c844e2b7ec80a9760e54744d037bf8
corporate/3.0/SRPMS/printer-drivers-1.0-138.5.C30mdk.src.rpm
Corporate 3.0/X86_64:
a12fc68fbca48a9008171cc549a35cbd
corporate/3.0/x86_64/cups-drivers-1.1-138.5.C30mdk.x86_64.rpm
22cf7cedcb279846c96c706194faa521
corporate/3.0/x86_64/foomatic-db-3.0.1-0.20040828.1.5.C30mdk.x86_64.rpm
316c8ab01584711de457f9e7456e81e5
corporate/3.0/x86_64/foomatic-db-engine-3.0.1-0.20040828.1.5.C30mdk.x86_64.rpm
1dd119152e63debdfce4363fea924162
corporate/3.0/x86_64/foomatic-filters-3.0.1-0.20040828.1.5.C30mdk.x86_64.rpm
51aef80b3a4b53fd50d586f94d06788f
corporate/3.0/x86_64/ghostscript-7.07-19.5.C30mdk.x86_64.rpm
d8d729244d5c80e2c5b7e57a9246a81c
corporate/3.0/x86_64/ghostscript-module-X-7.07-19.5.C30mdk.x86_64.rpm
e55c8ebe3c1c3c16c15e09af3ba5bbe3
corporate/3.0/x86_64/gimpprint-4.2.7-2.5.C30mdk.x86_64.rpm
774e97478f61467e6c49071762d1aa5c
corporate/3.0/x86_64/lib64gimpprint1-4.2.7-2.5.C30mdk.x86_64.rpm
0ae3a70574550131e04de6dd4d56b993
corporate/3.0/x86_64/lib64gimpprint1-devel-4.2.7-2.5.C30mdk.x86_64.rpm
ce0029f485507164d9ac22004c799b94
corporate/3.0/x86_64/lib64ijs0-0.34-76.5.C30mdk.x86_64.rpm
a3dc01753e534d6d2322e857ab1342ab
corporate/3.0/x86_64/lib64ijs0-devel-0.34-76.5.C30mdk.x86_64.rpm
8850a9977a07ce8d0aae8e7f267dd035
corporate/3.0/x86_64/printer-filters-1.0-138.5.C30mdk.x86_64.rpm
2b64059d49d4fbeae463a498faacccf9
corporate/3.0/x86_64/printer-testpages-1.0-138.5.C30mdk.x86_64.rpm
c536d4e2d9288e75bba62c1960aac700
corporate/3.0/x86_64/printer-utils-1.0-138.5.C30mdk.x86_64.rpm
45c844e2b7ec80a9760e54744d037bf8
corporate/3.0/SRPMS/printer-drivers-1.0-138.5.C30mdk.src.rpm
Corporate 4.0:
128e352634d19ad2a2a58de91dc4ed61
corporate/4.0/i586/ghostscript-8.15-46.1.20060mlcs4.i586.rpm
9b4de45a1c1bf7f628a2e82520ca8386
corporate/4.0/i586/ghostscript-X-8.15-46.1.20060mlcs4.i586.rpm
3c690dfaabfb637cbb801a897b891928
corporate/4.0/i586/ghostscript-common-8.15-46.1.20060mlcs4.i586.rpm
87a1efaed3d6135cedf0f8a0092cd0f7
corporate/4.0/i586/ghostscript-dvipdf-8.15-46.1.20060mlcs4.i586.rpm
3710458d31e1254782fe3b2c700022f5
corporate/4.0/i586/ghostscript-module-X-8.15-46.1.20060mlcs4.i586.rpm
cae65be57bfe60ff962f38ec21da10a6
corporate/4.0/i586/libgs8-8.15-46.1.20060mlcs4.i586.rpm
69cda6990a6bd4fc281bba2310d782a4
corporate/4.0/i586/libgs8-devel-8.15-46.1.20060mlcs4.i586.rpm
608259ea7eca0233dacf0423cf4412ce
corporate/4.0/i586/libijs1-0.35-46.1.20060mlcs4.i586.rpm
5c7dc11cbd7bef1304484fdfa73254df
corporate/4.0/i586/libijs1-devel-0.35-46.1.20060mlcs4.i586.rpm
17b52eacabca6e84238c4e0400caad6d
corporate/4.0/SRPMS/ghostscript-8.15-46.1.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
f30959f1ab27734a96a5aff0f89b655b
corporate/4.0/x86_64/ghostscript-8.15-46.1.20060mlcs4.x86_64.rpm
2b360f654a4239bc9445be1ee988dac8
corporate/4.0/x86_64/ghostscript-X-8.15-46.1.20060mlcs4.x86_64.rpm
cd43deb0bb76723dc1991b6b38d40e5f
corporate/4.0/x86_64/ghostscript-common-8.15-46.1.20060mlcs4.x86_64.rpm
2336c92f72f4c023a06b83ad8d00e739
corporate/4.0/x86_64/ghostscript-dvipdf-8.15-46.1.20060mlcs4.x86_64.rpm
c7749f1faf9dbb1119796dfc3234ff0c
corporate/4.0/x86_64/ghostscript-module-X-8.15-46.1.20060mlcs4.x86_64.rpm
55a229c2bcd6ce2db4e4eb63cc511420
corporate/4.0/x86_64/lib64gs8-8.15-46.1.20060mlcs4.x86_64.rpm
1e3a9b7b9524e064b8527b3fdccf9ed0
corporate/4.0/x86_64/lib64gs8-devel-8.15-46.1.20060mlcs4.x86_64.rpm
6b2abd6151b5d2bb9d55c0a14cca79d2
corporate/4.0/x86_64/lib64ijs1-0.35-46.1.20060mlcs4.x86_64.rpm
b40fa6a2c4adabecdedd0363fd62c893
corporate/4.0/x86_64/lib64ijs1-devel-0.35-46.1.20060mlcs4.x86_64.rpm
17b52eacabca6e84238c4e0400caad6d
corporate/4.0/SRPMS/ghostscript-8.15-46.1.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHx41LmqjQ0CJFipgRAlhvAKDI73J1CwV3f5hvv3tlUTIkwn4kAwCfZ5ij
gUc1w5OIYN3KI1c8snNYJ5Q=
=+hFr
-----END PGP SIGNATURE-----