[ MDVSA-2009:095 ] ghostscript
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:095
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ghostscript
Date : April 24, 2009
Affected: 2008.1, 2009.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause denial of service and possibly to execute
arbitrary by using a crafted PDF file (CVE-2007-6725).
Buffer overflow in Ghostscript's BaseFont writer module allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code via a crafted Postscript file (CVE-2008-6679).
Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images (CVE-2009-0583, CVE-2009-0584).
Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images. Note: this issue exists because of
an incomplete fix for CVE-2009-0583 (CVE-2009-0792).
Heap-based overflow in Ghostscript's JBIG2 decoding library allows
attackers to cause denial of service and possibly to execute arbitrary
code by using a crafted PDF file (CVE-2009-0196).
This update provides fixes for that vulnerabilities.
Update:
gostscript packages from Mandriva Linux 2009.0 distribution are not
affected by CVE-2007-6725.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
21e5523f3dd1e662749153256a9c4c29
2008.1/i586/ghostscript-8.61-60.1mdv2008.1.i586.rpm
67c9ef01cbb300b355ca7973796128e1
2008.1/i586/ghostscript-common-8.61-60.1mdv2008.1.i586.rpm
981885697a740a41de36f2fbe9162ead
2008.1/i586/ghostscript-doc-8.61-60.1mdv2008.1.i586.rpm
6021f2ba30f5db13365b4b4032bd95dd
2008.1/i586/ghostscript-dvipdf-8.61-60.1mdv2008.1.i586.rpm
fbcf137a546d3a26728d03c43fe91f63
2008.1/i586/ghostscript-module-X-8.61-60.1mdv2008.1.i586.rpm
7957439e200dd85d147896c324267d25
2008.1/i586/ghostscript-X-8.61-60.1mdv2008.1.i586.rpm
2c15c85bde4846cf0e353bb05af17320
2008.1/i586/libgs8-8.61-60.1mdv2008.1.i586.rpm
eb5d8bab4161862a3f52cac7e75026b1
2008.1/i586/libgs8-devel-8.61-60.1mdv2008.1.i586.rpm
8c54dfe0af736153a138361ca4f7093a
2008.1/i586/libijs1-0.35-60.1mdv2008.1.i586.rpm
e8192518fbd2f9931ae54a86bcbbf567
2008.1/i586/libijs1-devel-0.35-60.1mdv2008.1.i586.rpm
c65ca4c2032670ac4f30ef131a8f3d32
2008.1/SRPMS/ghostscript-8.61-60.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
1495a4f65154f7a50888a96162e6a180
2008.1/x86_64/ghostscript-8.61-60.1mdv2008.1.x86_64.rpm
3afecedda4a8d72f32f37efeabbaf46e
2008.1/x86_64/ghostscript-common-8.61-60.1mdv2008.1.x86_64.rpm
a2a2969f5c501347f6c7513a8180ac62
2008.1/x86_64/ghostscript-doc-8.61-60.1mdv2008.1.x86_64.rpm
016239f5bc2cca3aae62f1dc3fa443a2
2008.1/x86_64/ghostscript-dvipdf-8.61-60.1mdv2008.1.x86_64.rpm
5537b78ef9cac087f3a6c88e8c6c4b34
2008.1/x86_64/ghostscript-module-X-8.61-60.1mdv2008.1.x86_64.rpm
1927c0fce28438b00d504d5bf207a257
2008.1/x86_64/ghostscript-X-8.61-60.1mdv2008.1.x86_64.rpm
7da692a79f0054041c685f74d291c042
2008.1/x86_64/lib64gs8-8.61-60.1mdv2008.1.x86_64.rpm
e8eef75aa357ab14937c9e5bd07bad83
2008.1/x86_64/lib64gs8-devel-8.61-60.1mdv2008.1.x86_64.rpm
25dbc9b27639c90097a14532d8e30039
2008.1/x86_64/lib64ijs1-0.35-60.1mdv2008.1.x86_64.rpm
3effb7a452c598b79a9ccf2a2a85402f
2008.1/x86_64/lib64ijs1-devel-0.35-60.1mdv2008.1.x86_64.rpm
c65ca4c2032670ac4f30ef131a8f3d32
2008.1/SRPMS/ghostscript-8.61-60.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
08d85895c1b9b2f184b521b347b6c3a9
2009.0/i586/ghostscript-8.63-62.1mdv2009.0.i586.rpm
b80577925371e2e310efa46cc7e6524e
2009.0/i586/ghostscript-common-8.63-62.1mdv2009.0.i586.rpm
3d2b787310d18f6d57e8f2759e2e378d
2009.0/i586/ghostscript-doc-8.63-62.1mdv2009.0.i586.rpm
74230df515cd6f728b1ad0fa7425881f
2009.0/i586/ghostscript-dvipdf-8.63-62.1mdv2009.0.i586.rpm
89013a75d8c588b5ac8b08e68585c55e
2009.0/i586/ghostscript-module-X-8.63-62.1mdv2009.0.i586.rpm
383751e84376fe6bbd7e3cb52c2f9a68
2009.0/i586/ghostscript-X-8.63-62.1mdv2009.0.i586.rpm
353d6c17931a606fe9de82f3ce275dd5
2009.0/i586/libgs8-8.63-62.1mdv2009.0.i586.rpm
05665f903b2ac9b5f1baf924598250ab
2009.0/i586/libgs8-devel-8.63-62.1mdv2009.0.i586.rpm
a3d0879ab70588df82b0a2a0eba91cc4
2009.0/i586/libijs1-0.35-62.1mdv2009.0.i586.rpm
75b2f976582e0e1b2800927c0c0356d1
2009.0/i586/libijs1-devel-0.35-62.1mdv2009.0.i586.rpm
f10ffcf2150c332ff6baf9befc04561a
2009.0/SRPMS/ghostscript-8.63-62.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
66ea01cecd74b8baf47c0fde1333eb94
2009.0/x86_64/ghostscript-8.63-62.1mdv2009.0.x86_64.rpm
a5f89f1f738627329671fedc6499e066
2009.0/x86_64/ghostscript-common-8.63-62.1mdv2009.0.x86_64.rpm
8b7c1317a8da3b8ce5b19f9ee4b1e32d
2009.0/x86_64/ghostscript-doc-8.63-62.1mdv2009.0.x86_64.rpm
72e99ba40f13862aa1117738cb426e8a
2009.0/x86_64/ghostscript-dvipdf-8.63-62.1mdv2009.0.x86_64.rpm
9ef78a2da9e98e5a9b50c850166a2974
2009.0/x86_64/ghostscript-module-X-8.63-62.1mdv2009.0.x86_64.rpm
e66cb4eca77d326f7a8aa62c303a0630
2009.0/x86_64/ghostscript-X-8.63-62.1mdv2009.0.x86_64.rpm
6310d106dc710713b89b8053f702bff1
2009.0/x86_64/lib64gs8-8.63-62.1mdv2009.0.x86_64.rpm
69b66aa75de8eb8739b1b4cda07c9f5f
2009.0/x86_64/lib64gs8-devel-8.63-62.1mdv2009.0.x86_64.rpm
ce33d1391e0fb673c865df40a3d63eb4
2009.0/x86_64/lib64ijs1-0.35-62.1mdv2009.0.x86_64.rpm
9eac0d8043cb220edbbdf795c4f8eed0
2009.0/x86_64/lib64ijs1-devel-0.35-62.1mdv2009.0.x86_64.rpm
f10ffcf2150c332ff6baf9befc04561a
2009.0/SRPMS/ghostscript-8.63-62.1mdv2009.0.src.rpm
Corporate 4.0:
f3f2dd869b6716d5693a2851d0103d29
corporate/4.0/i586/ghostscript-8.15-46.2.20060mlcs4.i586.rpm
dfbad4b982a25d92abe3c59dd66dfcc5
corporate/4.0/i586/ghostscript-common-8.15-46.2.20060mlcs4.i586.rpm
0db7b9267e286692faba1c3d0dc96ba8
corporate/4.0/i586/ghostscript-dvipdf-8.15-46.2.20060mlcs4.i586.rpm
671ac5a9cbe53778e42bff674eecc29f
corporate/4.0/i586/ghostscript-module-X-8.15-46.2.20060mlcs4.i586.rpm
084da1f80aed83f0c2760cb4badd0912
corporate/4.0/i586/ghostscript-X-8.15-46.2.20060mlcs4.i586.rpm
e1f093bba6ef20334386d510c8d71a16
corporate/4.0/i586/libgs8-8.15-46.2.20060mlcs4.i586.rpm
6822f3330c5df7322f0b2b358fc8a0b8
corporate/4.0/i586/libgs8-devel-8.15-46.2.20060mlcs4.i586.rpm
8524416169178e556b61dd524bccb880
corporate/4.0/i586/libijs1-0.35-46.2.20060mlcs4.i586.rpm
1608d8fc8f9f11a91a270f73a820886d
corporate/4.0/i586/libijs1-devel-0.35-46.2.20060mlcs4.i586.rpm
2d6e27ec1923b32485fc40fbe73f5e76
corporate/4.0/SRPMS/ghostscript-8.15-46.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
3bf733e0a435f1d043ab03ee89bf900f
corporate/4.0/x86_64/ghostscript-8.15-46.2.20060mlcs4.x86_64.rpm
378d6bedbe98a7ae128bf24ce73ff237
corporate/4.0/x86_64/ghostscript-common-8.15-46.2.20060mlcs4.x86_64.rpm
ef7a7d50ec22edf3194351c0564362ac
corporate/4.0/x86_64/ghostscript-dvipdf-8.15-46.2.20060mlcs4.x86_64.rpm
5b70ec3ac9bfd88c9281a768089993fc
corporate/4.0/x86_64/ghostscript-module-X-8.15-46.2.20060mlcs4.x86_64.rpm
1ea47debc989e4ce9efa7ced8d23ced3
corporate/4.0/x86_64/ghostscript-X-8.15-46.2.20060mlcs4.x86_64.rpm
aaad3b214a420ebfb7599aa7bf6c2265
corporate/4.0/x86_64/lib64gs8-8.15-46.2.20060mlcs4.x86_64.rpm
3d807e9b0ff862a28d3b15a067f71f27
corporate/4.0/x86_64/lib64gs8-devel-8.15-46.2.20060mlcs4.x86_64.rpm
46dcc298bf2eb2b0be3a7cdcaf20f4a6
corporate/4.0/x86_64/lib64ijs1-0.35-46.2.20060mlcs4.x86_64.rpm
5c656acee2162a7ab67bee745cbbf473
corporate/4.0/x86_64/lib64ijs1-devel-0.35-46.2.20060mlcs4.x86_64.rpm
2d6e27ec1923b32485fc40fbe73f5e76
corporate/4.0/SRPMS/ghostscript-8.15-46.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ8d0VmqjQ0CJFipgRAmAFAJ0VG4BedOc36ha3HKdhcGHOKULILwCfRY4i
NI4Hm3ny+blkGziBjdTkXdg=
=MXEA
-----END PGP SIGNATURE-----