=========================================================== Ubuntu Security Notice USN-757-1 April 15, 2009 ghostscript, gs-esp, gs-gpl vulnerabilities CVE-2007-6725, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: gs-esp 8.15.2.dfsg.0ubuntu1-0ubuntu1.2 gs-gpl 8.15-4ubuntu3.3 Ubuntu 8.04 LTS: libgs8 8.61.dfsg.1-1ubuntu3.2 Ubuntu 8.10: libgs8 8.63.dfsg.1-0ubuntu6.4 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2007-6725) It was discovered that Ghostscript contained a buffer overflow in the BaseFont writer module. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2008-6679) It was discovered that Ghostscript contained additional integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript or PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0792) Alin Rad Pop discovered that Ghostscript contained a buffer overflow in the jbig2dec library. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0196) USN-743-1 provided updated ghostscript and gs-gpl packages to fix two security vulnerabilities. This update corrects the same vulnerabilities in the gs-esp package. Original advisory details: It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0583) It was discovered that Ghostscript did not properly perform bounds checking in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0584) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2.diff.gz Size/MD5: 88475 888a5e36bcd499e1c0a6104c2f2c32b2 http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2.dsc Size/MD5: 904 0b4f1a1e2255ffcfa870adee0c933eba http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1.orig.tar.gz Size/MD5: 7318074 cf386d9cdbf447f292128aa3bf17a94c http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3.diff.gz Size/MD5: 45642 04b7f413b90ef9a01ee7b78bb06f4b0c http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3.dsc Size/MD5: 864 5c03cef56ec50634d6bde7ac4e8d154b http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15.orig.tar.gz Size/MD5: 6382514 f2e0e6355d4b64e6f636b62a2220ad47 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs_8.15-4ubuntu3.3_all.deb Size/MD5: 14958 786b4e5e659958f80fb2f6ebba60131c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2_amd64.deb Size/MD5: 3086720 e56a942a70491403b044492228b9e60c http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3_amd64.deb Size/MD5: 2768130 8974dd28ce222b8f9b9170121f7f4565 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2_i386.deb Size/MD5: 2879706 364962f1d6445fecbc777ff3eba3e71f http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3_i386.deb Size/MD5: 2590888 d454d8ebe63b6ac2f8ea5148ab7d79be powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2_powerpc.deb Size/MD5: 3069114 75807469a620426a9fae5a0d9ed5effc http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3_powerpc.deb Size/MD5: 2751418 195cc55e06eb108d38e7183d4ef93f2a sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/g/gs-esp/gs-esp_8.15.2.dfsg.0ubuntu1-0ubuntu1.2_sparc.deb Size/MD5: 2912480 f902f75395b7bf7e1bdb0a8f0e31072d http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.15-4ubuntu3.3_sparc.deb Size/MD5: 2616726 f8204c3caad01b832d309cb307e87c99 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2.diff.gz Size/MD5: 110434 dcdeaf75d04bfeb1c7e2beefea977753 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2.dsc Size/MD5: 1206 3f0396e784c1fa07b6e3e3728072faf8 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1.orig.tar.gz Size/MD5: 12199544 4669884352d6967153a13a1d413f26b2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-doc_8.61.dfsg.1-1ubuntu3.2_all.deb Size/MD5: 2725280 2d9fb6d5078f95de159f6e4ac25b5889 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-gpl_8.61.dfsg.1-1ubuntu3.2_all.deb Size/MD5: 27934 42619ea5765adf1bce524f7a7de5060c http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs_8.61.dfsg.1-1ubuntu3.2_all.deb Size/MD5: 27930 3f720ae67557ae5956a5a19f512bd10c http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-esp-dev_8.61.dfsg.1-1ubuntu3.2_all.deb Size/MD5: 27942 a3ee0e4007848f6778e3e0cc433baab8 http://security.ubuntu.com/ubuntu/pool/multiverse/g/ghostscript/gs-aladdin_8.61.dfsg.1-1ubuntu3.2_all.deb Size/MD5: 27936 3e45a07defaab03b9af973f565973deb http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-common_8.61.dfsg.1-1ubuntu3.2_all.deb Size/MD5: 27934 1e1fafc614dc563ef5db46744ebb2d65 http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp-x_8.61.dfsg.1-1ubuntu3.2_all.deb Size/MD5: 27928 56e3d854d67b738c9ee1d3eac68ec62a http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp_8.61.dfsg.1-1ubuntu3.2_all.deb Size/MD5: 27920 334312a6225c76d69fe5e259500ac36e amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_amd64.deb Size/MD5: 61914 e1a0b0675481193dc941db3a15af365f http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_amd64.deb Size/MD5: 739836 28ef7752ce30d66573e95be97a91f557 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_amd64.deb Size/MD5: 15092 718ea138e8711314fde1a1ab5bd326d7 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_amd64.deb Size/MD5: 2302114 4b12f56ad2e3665b7c7ff705e1a37988 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_i386.deb Size/MD5: 60248 6eb4e669b1aaa8fc33c1aec44f9aef70 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_i386.deb Size/MD5: 739930 235fdf708d0addb8c641234dcc46c8dc http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_i386.deb Size/MD5: 15094 3594e6e2fee08c35c2732908a72f8531 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_i386.deb Size/MD5: 2216730 5fcbbbab7bd0be7706498d2a4e64a261 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_lpia.deb Size/MD5: 59840 7664a2ac830360aa3a26191265e7b49b http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_lpia.deb Size/MD5: 739536 08441356acaed8c8a17622dc9fdda7e1 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_lpia.deb Size/MD5: 15096 4d93a542ae9b1b595723e95e483b2277 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_lpia.deb Size/MD5: 2209744 efa4db8adfd22b58f36c930792b0ebe6 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_powerpc.deb Size/MD5: 64960 e44bdeb6d982fe85df33919221742bf8 http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_powerpc.deb Size/MD5: 742288 cd314807d66f2eef4a8ec9e8b622e7c4 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_powerpc.deb Size/MD5: 15102 fb1604ae54eda89546cfd0931e7a340e http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_powerpc.deb Size/MD5: 2395884 3d454d68d26ab7dd25f79d0cff8f79fc sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1-1ubuntu3.2_sparc.deb Size/MD5: 59152 3db40124236ca66dbe6771ed97944a89 http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1-1ubuntu3.2_sparc.deb Size/MD5: 739734 12aab96c1c44665fd35cf6871dbca3e8 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1-1ubuntu3.2_sparc.deb Size/MD5: 15092 e709b95bfe603f5e5ce512ec1ef0ea87 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.61.dfsg.1-1ubuntu3.2_sparc.deb Size/MD5: 2184148 ae618f8fd60ff53259d9009fd4525286 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4.diff.gz Size/MD5: 117152 e861a0b6261b876ea8638fdb774f550a http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4.dsc Size/MD5: 1648 3af1ae64f055cceffdd2489e9a69b6f5 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1.orig.tar.gz Size/MD5: 13446723 0f019ca7041f892255600abf58aa1eec Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-doc_8.63.dfsg.1-0ubuntu6.4_all.deb Size/MD5: 2843940 9bbfc9b09deebac55a53c463729771c1 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-common_8.63.dfsg.1-0ubuntu6.4_all.deb Size/MD5: 30562 3d72c15e83c920ce72bfbbd47436e704 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-gpl_8.63.dfsg.1-0ubuntu6.4_all.deb Size/MD5: 30562 2fdec106a3170a9899faea032d3527bb http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs_8.63.dfsg.1-0ubuntu6.4_all.deb Size/MD5: 30556 bfd7af84ef3aca682a17a8db6446b7dd http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-esp-dev_8.63.dfsg.1-0ubuntu6.4_all.deb Size/MD5: 30100 cb2a62d828fe463c5ddc92fff6184c17 http://security.ubuntu.com/ubuntu/pool/multiverse/g/ghostscript/gs-aladdin_8.63.dfsg.1-0ubuntu6.4_all.deb Size/MD5: 30560 1ef502dc69f6a2cfda973ea7b0f9091f http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp-x_8.63.dfsg.1-0ubuntu6.4_all.deb Size/MD5: 30088 0645862bdecf9bdcb651cd672d441e89 http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp_8.63.dfsg.1-0ubuntu6.4_all.deb Size/MD5: 30548 48cf5e56c4c06d460aaf6b1a4243a3a0 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_amd64.deb Size/MD5: 64372 63421de9c9f3bb16f639b11213ed4ad7 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_amd64.deb Size/MD5: 795550 3d2c08a01de9b91667fcd06c253960e0 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_amd64.deb Size/MD5: 15094 cae2da14946aad2e3d158e1db7aca624 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_amd64.deb Size/MD5: 2386192 5e3ebd7b79309db1c7359558a97aeb18 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_i386.deb Size/MD5: 63022 82a47c879af21d1e3d2ff7ffef449553 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_i386.deb Size/MD5: 795030 30c0c3fd8d606c73d365adf901653dfe http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_i386.deb Size/MD5: 15090 bef1ea9161f55bf760b166b428663354 http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_i386.deb Size/MD5: 2291468 fdb4d25935f5271a415c041e7503464b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_lpia.deb Size/MD5: 62470 ac2789a870bfce68e9ac683d80c2257d http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_lpia.deb Size/MD5: 795022 f4dab53c3f01fdca8d0c399940e170af http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_lpia.deb Size/MD5: 15088 55b3c9182a964f7c58a8380bfec0eba2 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_lpia.deb Size/MD5: 2273562 b87ce70cd757823653b3404ed1fa8560 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_powerpc.deb Size/MD5: 67086 84567c0401077e0f742c9ba2e611e4fe http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_powerpc.deb Size/MD5: 798252 d4f700d96229bfbd2688d2e0fa1eeb30 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_powerpc.deb Size/MD5: 15100 0be215b3317c43abd5d5e137f929fe3a http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_powerpc.deb Size/MD5: 2472500 2392467d6f113f08fa23dc6d2a6595a7 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript-x_8.63.dfsg.1-0ubuntu6.4_sparc.deb Size/MD5: 61480 ba8052bd2ebc5542f4d442f4681a8652 http://ports.ubuntu.com/pool/main/g/ghostscript/ghostscript_8.63.dfsg.1-0ubuntu6.4_sparc.deb Size/MD5: 795456 8ee9db74e81cc58fbcddfdc7628c2935 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs-dev_8.63.dfsg.1-0ubuntu6.4_sparc.deb Size/MD5: 15100 09be0f187e6edda02ce73e0dafa715e9 http://ports.ubuntu.com/pool/main/g/ghostscript/libgs8_8.63.dfsg.1-0ubuntu6.4_sparc.deb Size/MD5: 2232010 b3e6a3507a906cad5ad6d24fb77e57df
Attachment:
signature.asc
Description: This is a digitally signed message part