<<< Date Index >>>     <<< Thread Index >>>

[USN-757-1] Ghostscript vulnerabilities



===========================================================
Ubuntu Security Notice USN-757-1             April 15, 2009
ghostscript, gs-esp, gs-gpl vulnerabilities
CVE-2007-6725, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583,
CVE-2009-0584, CVE-2009-0792
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gs-esp                          8.15.2.dfsg.0ubuntu1-0ubuntu1.2
  gs-gpl                          8.15-4ubuntu3.3

Ubuntu 8.04 LTS:
  libgs8                          8.61.dfsg.1-1ubuntu3.2

Ubuntu 8.10:
  libgs8                          8.63.dfsg.1-0ubuntu6.4

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Ghostscript contained a buffer underflow in its
CCITTFax decoding filter. If a user or automated system were tricked into
opening a crafted PDF file, an attacker could cause a denial of service or
execute arbitrary code with privileges of the user invoking the program.
(CVE-2007-6725)

It was discovered that Ghostscript contained a buffer overflow in the
BaseFont writer module. If a user or automated system were tricked into
opening a crafted Postscript file, an attacker could cause a denial of
service or execute arbitrary code with privileges of the user invoking the
program. (CVE-2008-6679)

It was discovered that Ghostscript contained additional integer overflows
in its ICC color management library. If a user or automated system were
tricked into opening a crafted Postscript or PDF file, an attacker could
cause a denial of service or execute arbitrary code with privileges of the
user invoking the program. (CVE-2009-0792)

Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the
jbig2dec library. If a user or automated system were tricked into opening a
crafted PDF file, an attacker could cause a denial of service or execute
arbitrary code with privileges of the user invoking the program.
(CVE-2009-0196)

USN-743-1 provided updated ghostscript and gs-gpl packages to fix two
security vulnerabilities. This update corrects the same vulnerabilities in
the gs-esp package.

Original advisory details:
 It was discovered that Ghostscript contained multiple integer overflows in
 its ICC color management library. If a user or automated system were
 tricked into opening a crafted Postscript file, an attacker could cause a
 denial of service or execute arbitrary code with privileges of the user
 invoking the program. (CVE-2009-0583)

 It was discovered that Ghostscript did not properly perform bounds
 checking in its ICC color management library. If a user or automated
 system were tricked into opening a crafted Postscript file, an attacker
 could cause a denial of service or execute arbitrary code with privileges
 of the user invoking the program. (CVE-2009-0584)


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2.diff.gz
      Size/MD5:    88475 888a5e36bcd499e1c0a6104c2f2c32b2
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2.dsc
      Size/MD5:      904 0b4f1a1e2255ffcfa870adee0c933eba
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1.orig.tar.gz
      Size/MD5:  7318074 cf386d9cdbf447f292128aa3bf17a94c
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3.diff.gz
      Size/MD5:    45642 04b7f413b90ef9a01ee7b78bb06f4b0c
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3.dsc
      Size/MD5:      864 5c03cef56ec50634d6bde7ac4e8d154b
    http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15.orig.tar.gz
      Size/MD5:  6382514 f2e0e6355d4b64e6f636b62a2220ad47

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs_8.15-4ubuntu3.3_all.deb
      Size/MD5:    14958 786b4e5e659958f80fb2f6ebba60131c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2_amd64.deb
      Size/MD5:  3086720 e56a942a70491403b044492228b9e60c
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3_amd64.deb
      Size/MD5:  2768130 8974dd28ce222b8f9b9170121f7f4565

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2_i386.deb
      Size/MD5:  2879706 364962f1d6445fecbc777ff3eba3e71f
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3_i386.deb
      Size/MD5:  2590888 d454d8ebe63b6ac2f8ea5148ab7d79be

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2_powerpc.deb
      Size/MD5:  3069114 75807469a620426a9fae5a0d9ed5effc
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3_powerpc.deb
      Size/MD5:  2751418 195cc55e06eb108d38e7183d4ef93f2a

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2_sparc.deb
      Size/MD5:  2912480 f902f75395b7bf7e1bdb0a8f0e31072d
    
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3_sparc.deb
      Size/MD5:  2616726 f8204c3caad01b832d309cb307e87c99

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2.diff.gz
      Size/MD5:   110434 dcdeaf75d04bfeb1c7e2beefea977753
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2.dsc
      Size/MD5:     1206 3f0396e784c1fa07b6e3e3728072faf8
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1.orig.tar.gz
      Size/MD5: 12199544 4669884352d6967153a13a1d413f26b2

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-doc_8.61.dfsg.1-1ubuntu3.2_all.deb
      Size/MD5:  2725280 2d9fb6d5078f95de159f6e4ac25b5889
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-gpl_8.61.dfsg.1-1ubuntu3.2_all.deb
      Size/MD5:    27934 42619ea5765adf1bce524f7a7de5060c
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs_8.61.dfsg.1-1ubuntu3.2_all.deb
      Size/MD5:    27930 3f720ae67557ae5956a5a19f512bd10c
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-esp-dev_8.61.dfsg.1-1ubuntu3.2_all.deb
      Size/MD5:    27942 a3ee0e4007848f6778e3e0cc433baab8
    
http://security.ubuntu.com/ubuntu/pool/multiverse/g/ghostscript/gs-aladdin_8.61.dfsg.1-1ubuntu3.2_all.deb
      Size/MD5:    27936 3e45a07defaab03b9af973f565973deb
    
http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-common_8.61.dfsg.1-1ubuntu3.2_all.deb
      Size/MD5:    27934 1e1fafc614dc563ef5db46744ebb2d65
    
http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp-x_8.61.dfsg.1-1ubuntu3.2_all.deb
      Size/MD5:    27928 56e3d854d67b738c9ee1d3eac68ec62a
    
http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp_8.61.dfsg.1-1ubuntu3.2_all.deb
      Size/MD5:    27920 334312a6225c76d69fe5e259500ac36e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_amd64.deb
      Size/MD5:    61914 e1a0b0675481193dc941db3a15af365f
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_amd64.deb
      Size/MD5:   739836 28ef7752ce30d66573e95be97a91f557
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_amd64.deb
      Size/MD5:    15092 718ea138e8711314fde1a1ab5bd326d7
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_amd64.deb
      Size/MD5:  2302114 4b12f56ad2e3665b7c7ff705e1a37988

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_i386.deb
      Size/MD5:    60248 6eb4e669b1aaa8fc33c1aec44f9aef70
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_i386.deb
      Size/MD5:   739930 235fdf708d0addb8c641234dcc46c8dc
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_i386.deb
      Size/MD5:    15094 3594e6e2fee08c35c2732908a72f8531
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_i386.deb
      Size/MD5:  2216730 5fcbbbab7bd0be7706498d2a4e64a261

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_lpia.deb
      Size/MD5:    59840 7664a2ac830360aa3a26191265e7b49b
    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_lpia.deb
      Size/MD5:   739536 08441356acaed8c8a17622dc9fdda7e1
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_lpia.deb
      Size/MD5:    15096 4d93a542ae9b1b595723e95e483b2277
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_lpia.deb
      Size/MD5:  2209744 efa4db8adfd22b58f36c930792b0ebe6

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_powerpc.deb
      Size/MD5:    64960 e44bdeb6d982fe85df33919221742bf8
    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_powerpc.deb
      Size/MD5:   742288 cd314807d66f2eef4a8ec9e8b622e7c4
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_powerpc.deb
      Size/MD5:    15102 fb1604ae54eda89546cfd0931e7a340e
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_powerpc.deb
      Size/MD5:  2395884 3d454d68d26ab7dd25f79d0cff8f79fc

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_sparc.deb
      Size/MD5:    59152 3db40124236ca66dbe6771ed97944a89
    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_sparc.deb
      Size/MD5:   739734 12aab96c1c44665fd35cf6871dbca3e8
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_sparc.deb
      Size/MD5:    15092 e709b95bfe603f5e5ce512ec1ef0ea87
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_sparc.deb
      Size/MD5:  2184148 ae618f8fd60ff53259d9009fd4525286

Updated packages for Ubuntu 8.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4.diff.gz
      Size/MD5:   117152 e861a0b6261b876ea8638fdb774f550a
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4.dsc
      Size/MD5:     1648 3af1ae64f055cceffdd2489e9a69b6f5
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1.orig.tar.gz
      Size/MD5: 13446723 0f019ca7041f892255600abf58aa1eec

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-doc_8.63.dfsg.1-0ubuntu6.4_all.deb
      Size/MD5:  2843940 9bbfc9b09deebac55a53c463729771c1
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-common_8.63.dfsg.1-0ubuntu6.4_all.deb
      Size/MD5:    30562 3d72c15e83c920ce72bfbbd47436e704
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-gpl_8.63.dfsg.1-0ubuntu6.4_all.deb
      Size/MD5:    30562 2fdec106a3170a9899faea032d3527bb
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs_8.63.dfsg.1-0ubuntu6.4_all.deb
      Size/MD5:    30556 bfd7af84ef3aca682a17a8db6446b7dd
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-esp-dev_8.63.dfsg.1-0ubuntu6.4_all.deb
      Size/MD5:    30100 cb2a62d828fe463c5ddc92fff6184c17
    
http://security.ubuntu.com/ubuntu/pool/multiverse/g/ghostscript/gs-aladdin_8.63.dfsg.1-0ubuntu6.4_all.deb
      Size/MD5:    30560 1ef502dc69f6a2cfda973ea7b0f9091f
    
http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp-x_8.63.dfsg.1-0ubuntu6.4_all.deb
      Size/MD5:    30088 0645862bdecf9bdcb651cd672d441e89
    
http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp_8.63.dfsg.1-0ubuntu6.4_all.deb
      Size/MD5:    30548 48cf5e56c4c06d460aaf6b1a4243a3a0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_amd64.deb
      Size/MD5:    64372 63421de9c9f3bb16f639b11213ed4ad7
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_amd64.deb
      Size/MD5:   795550 3d2c08a01de9b91667fcd06c253960e0
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_amd64.deb
      Size/MD5:    15094 cae2da14946aad2e3d158e1db7aca624
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_amd64.deb
      Size/MD5:  2386192 5e3ebd7b79309db1c7359558a97aeb18

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_i386.deb
      Size/MD5:    63022 82a47c879af21d1e3d2ff7ffef449553
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_i386.deb
      Size/MD5:   795030 30c0c3fd8d606c73d365adf901653dfe
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_i386.deb
      Size/MD5:    15090 bef1ea9161f55bf760b166b428663354
    
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_i386.deb
      Size/MD5:  2291468 fdb4d25935f5271a415c041e7503464b

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_lpia.deb
      Size/MD5:    62470 ac2789a870bfce68e9ac683d80c2257d
    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_lpia.deb
      Size/MD5:   795022 f4dab53c3f01fdca8d0c399940e170af
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_lpia.deb
      Size/MD5:    15088 55b3c9182a964f7c58a8380bfec0eba2
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_lpia.deb
      Size/MD5:  2273562 b87ce70cd757823653b3404ed1fa8560

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_powerpc.deb
      Size/MD5:    67086 84567c0401077e0f742c9ba2e611e4fe
    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_powerpc.deb
      Size/MD5:   798252 d4f700d96229bfbd2688d2e0fa1eeb30
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_powerpc.deb
      Size/MD5:    15100 0be215b3317c43abd5d5e137f929fe3a
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_powerpc.deb
      Size/MD5:  2472500 2392467d6f113f08fa23dc6d2a6595a7

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_sparc.deb
      Size/MD5:    61480 ba8052bd2ebc5542f4d442f4681a8652
    
http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_sparc.deb
      Size/MD5:   795456 8ee9db74e81cc58fbcddfdc7628c2935
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_sparc.deb
      Size/MD5:    15100 09be0f187e6edda02ce73e0dafa715e9
    
http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_sparc.deb
      Size/MD5:  2232010 b3e6a3507a906cad5ad6d24fb77e57df


Attachment: signature.asc
Description: This is a digitally signed message part