what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2009-311

Mandriva Linux Security Advisory 2009-311
Posted Dec 4, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-311 - Multiple security vulnerabilities has been identified and fixed in ghostscript.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2007-6725, CVE-2008-3520, CVE-2008-3522, CVE-2008-6679, CVE-2009-0196, CVE-2009-0583, CVE-2009-0584, CVE-2009-0792
SHA-256 | 7d620b4793a61a790bea974d9d2e7ae93d719f604dcaef5d8714471748e8c774

Mandriva Linux Security Advisory 2009-311

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:311
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ghostscript
Date : December 3, 2009
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Multiple security vulnerabilities has been identified and fixed
in ghostscript:

A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause denial of service and possibly to execute
arbitrary by using a crafted PDF file (CVE-2007-6725).

Buffer overflow in Ghostscript's BaseFont writer module allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code via a crafted Postscript file (CVE-2008-6679).

Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images (CVE-2009-0583, CVE-2009-0584).

Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images. Note: this issue exists because of
an incomplete fix for CVE-2009-0583 (CVE-2009-0792).

Heap-based overflow in Ghostscript's JBIG2 decoding library allows
attackers to cause denial of service and possibly to execute arbitrary
code by using a crafted PDF file (CVE-2009-0196).

Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).

Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).

Previousely the ghostscript packages were statically built against
a bundled and private copy of the jasper library. This update makes
ghostscript link against the shared system jasper library which
makes it easier to address presumptive future security issues in the
jasper library.

Packages for 2008.0 are being provided due to extended support for
Corporate products.

This update provides fixes for that vulnerabilities.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
d419c4cc3452b90b350c8fda68bf29f8 2008.0/i586/ghostscript-8.60-55.3mdv2008.0.i586.rpm
7e120e4166ebbf8203a05d657223c5d5 2008.0/i586/ghostscript-common-8.60-55.3mdv2008.0.i586.rpm
29685fcf8eb0bb04d59e07fcbb57973f 2008.0/i586/ghostscript-doc-8.60-55.3mdv2008.0.i586.rpm
d205693e3d3ba8da5f9197992d28ed13 2008.0/i586/ghostscript-dvipdf-8.60-55.3mdv2008.0.i586.rpm
6b4c9b0bcb0e00dfadf1e4d145a4c657 2008.0/i586/ghostscript-module-X-8.60-55.3mdv2008.0.i586.rpm
04b75844bec6d20e8d642ad0c217ad1f 2008.0/i586/ghostscript-X-8.60-55.3mdv2008.0.i586.rpm
b20ee4fa316e601a73131d0cca1b1643 2008.0/i586/libgs8-8.60-55.3mdv2008.0.i586.rpm
121aea93ce9d622fb7d5f616e442bc86 2008.0/i586/libgs8-devel-8.60-55.3mdv2008.0.i586.rpm
157190bd96bc7326ce9291a67db738cf 2008.0/i586/libijs1-0.35-55.3mdv2008.0.i586.rpm
50d401f2135225ec3cad3881ceb084bd 2008.0/i586/libijs1-devel-0.35-55.3mdv2008.0.i586.rpm
5f649dc370d0b581b067d8b5db30a1a2 2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
54292241ec99616cedd3099e4d2ff6a5 2008.0/x86_64/ghostscript-8.60-55.3mdv2008.0.x86_64.rpm
ede49cf300d10edf9b67067c13608fd2 2008.0/x86_64/ghostscript-common-8.60-55.3mdv2008.0.x86_64.rpm
e75cb4fb3d2b00ff395da26109518f6b 2008.0/x86_64/ghostscript-doc-8.60-55.3mdv2008.0.x86_64.rpm
2644ccf83047b448e0d0097bab2dad19 2008.0/x86_64/ghostscript-dvipdf-8.60-55.3mdv2008.0.x86_64.rpm
eaf0ee1db669bf25c30839b2da7782d1 2008.0/x86_64/ghostscript-module-X-8.60-55.3mdv2008.0.x86_64.rpm
62ad0f8af2eae01f62b178b6f9d1ae86 2008.0/x86_64/ghostscript-X-8.60-55.3mdv2008.0.x86_64.rpm
d96e334812d8af6448214491832ee176 2008.0/x86_64/lib64gs8-8.60-55.3mdv2008.0.x86_64.rpm
f129af9829956f8ad1aff56af496d31c 2008.0/x86_64/lib64gs8-devel-8.60-55.3mdv2008.0.x86_64.rpm
914c12790362c30b562f2a5b99748aec 2008.0/x86_64/lib64ijs1-0.35-55.3mdv2008.0.x86_64.rpm
deff12b840779e49a2d14a30d46060f1 2008.0/x86_64/lib64ijs1-devel-0.35-55.3mdv2008.0.x86_64.rpm
5f649dc370d0b581b067d8b5db30a1a2 2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLGCnxmqjQ0CJFipgRAgO1AKC3lP/mULkNhPd9/o91BePfDLB3uwCg0GjV
q4PuQczr3V0LuJ8MhlTucZM=
=e4Ko
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close