Mandriva Linux Security Advisory 2009-165

Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-165 - Multiple security vulnerabilities have been identified and fixed in ghostscript.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3520, CVE-2008-3522
SHA-256 | 5cf24eebbe56a194ea9cc2bb03c4bd19320dac24d63dee63d41a6250ab218361


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:165
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ghostscript
Date : July 28, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Multiple security vulnerabilities have been identified and fixed
in ghostscript:

Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).

Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).
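
Added example, not part of the Mandriva advisory and not JasPer's own code: the two bug classes named above (a multiplication that wraps before a memory allocation, and unbounded vsprintf into a fixed buffer) shown as their hardened forms. The helper names checked_alloc2 and bounded_printf and the sample inputs are hypothetical.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not JasPer's API): allocate count * size bytes,
 * refusing the request when the product would wrap around size_t.
 * The unchecked pattern is malloc(count * size), where a wrapped product
 * yields a buffer far smaller than the caller goes on to fill. */
void *checked_alloc2(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size)
        return NULL;            /* product does not fit in size_t */
    return malloc(count * size);
}

/* Hypothetical helper: format into a fixed buffer with vsnprintf instead of
 * vsprintf. Returns the number of characters written, or -1 when the output
 * would not fit (buf then holds a truncated, NUL-terminated string). */
int bounded_printf(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap)
        return -1;              /* encoding error or truncation */
    return n;
}

int main(void)
{
    /* Constructed inputs: image-style dimensions whose product wraps. */
    size_t w = SIZE_MAX / 2 + 1, h = 2;
    void *p = checked_alloc2(w, h);
    char hdr[16];

    printf("wrapping request: %s\n", p ? "allocated" : "rejected");
    free(p);
    printf("short header: %d\n", bounded_printf(hdr, sizeof hdr, "w=%d", 640));
    printf("long header: %d\n",
           bounded_printf(hdr, sizeof hdr, "width=%d height=%d", 640, 480));
    return 0;
}
```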

Previously the ghostscript packages were statically built against
a bundled and private copy of the jasper library. This update makes
ghostscript link against the shared system jasper library, which
makes it easier to address any future security issues in the
jasper library.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
_______________________________________________________________________

Updated Packages:

Mandriva Enterprise Server 5:
522b6a5c361a4a6205516b882a92064b mes5/i586/ghostscript-8.63-62.3mdvmes5.i586.rpm
362fcaf29ec6ed28b776c5bbc7623a07 mes5/i586/ghostscript-common-8.63-62.3mdvmes5.i586.rpm
5957705fb7537c5386d8cce36db9b133 mes5/i586/ghostscript-doc-8.63-62.3mdvmes5.i586.rpm
fc18ad1734dfb9c561fe32f9fd4eaddc mes5/i586/ghostscript-dvipdf-8.63-62.3mdvmes5.i586.rpm
82848a8c21df381f3623feee9a7e5f06 mes5/i586/ghostscript-module-X-8.63-62.3mdvmes5.i586.rpm
a60ef4bbf6d230413798123d76c66256 mes5/i586/ghostscript-X-8.63-62.3mdvmes5.i586.rpm
63b592eb894b53f976d4fc46efb82c40 mes5/i586/libgs8-8.63-62.3mdvmes5.i586.rpm
0a985aa191f8fc700efeb5c3107dc5bc mes5/i586/libgs8-devel-8.63-62.3mdvmes5.i586.rpm
42bb3a1f0bdef682d8ed32dd4cd4a6f9 mes5/i586/libijs1-0.35-62.3mdvmes5.i586.rpm
eea9f8a2b112eb7382e3afcce2cf7b32 mes5/i586/libijs1-devel-0.35-62.3mdvmes5.i586.rpm
c81b2ecc80d4d336b772708f6d0597b8 mes5/SRPMS/ghostscript-8.63-62.3mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64:
3b171f576c4da5ed378f76fef0e0aeb2 mes5/x86_64/ghostscript-8.63-62.3mdvmes5.x86_64.rpm
ed2b0836b7a4ede822c0952ef515fafd mes5/x86_64/ghostscript-common-8.63-62.3mdvmes5.x86_64.rpm
4fed216433f8b0b57e15ba2f7db56ef5 mes5/x86_64/ghostscript-doc-8.63-62.3mdvmes5.x86_64.rpm
0a7dd5e643c5847e22aad380aa2dd9fd mes5/x86_64/ghostscript-dvipdf-8.63-62.3mdvmes5.x86_64.rpm
779b16024d8e8bfd033374b6facae06d mes5/x86_64/ghostscript-module-X-8.63-62.3mdvmes5.x86_64.rpm
c71e7fd9849cd6f068692445b9d276f8 mes5/x86_64/ghostscript-X-8.63-62.3mdvmes5.x86_64.rpm
b410c041382d1e5b0660d59444e76e5d mes5/x86_64/lib64gs8-8.63-62.3mdvmes5.x86_64.rpm
6be22e00b18420ae3869c8e992457512 mes5/x86_64/lib64gs8-devel-8.63-62.3mdvmes5.x86_64.rpm
53cd9beb7f4f864c82374e12c9650686 mes5/x86_64/lib64ijs1-0.35-62.3mdvmes5.x86_64.rpm
2715b78eba10382e254d79783e5c74bd mes5/x86_64/lib64ijs1-devel-0.35-62.3mdvmes5.x86_64.rpm
c81b2ecc80d4d336b772708f6d0597b8 mes5/SRPMS/ghostscript-8.63-62.3mdvmes5.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKbzS2mqjQ0CJFipgRAhOCAJ0QvEQDjyMuVkGWpPrsqoreAvg3zACcD8Ht
pMn92KxDJ/tQMexED1MckiM=
=ykFM
-----END PGP SIGNATURE-----