-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1746-1                  security@debian.org
http://www.debian.org/security/                           Steffen Joeris
March 20, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : ghostscript
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2009-0583 CVE-2009-0584

Two security issues have been discovered in ghostscript, the GPL
Ghostscript PostScript/PDF interpreter. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-0583

    Jan Lieskovsky discovered multiple integer overflows in the ICC
    library, which allow the execution of arbitrary code via crafted
    ICC profiles in PostScript files with embedded images.

CVE-2009-0584

    Jan Lieskovsky discovered insufficient upper-bounds checks on
    certain variable sizes in the ICC library, which allow the
    execution of arbitrary code via crafted ICC profiles in PostScript
    files with embedded images.

For the stable distribution (lenny), these problems have been fixed in
version 8.62.dfsg.1-3.2lenny1.

For the oldstable distribution (etch), these problems have been fixed
in version 8.54.dfsg.1-5etch2. Please note that the package in
oldstable is called gs-gpl.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your ghostscript/gs-gpl packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
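An added example, not part of the advisory: a Python check that flags hosts still below the fixed versions named above, using the version ordering from Debian Policy (epoch, then upstream, then revision, with `~` sorting first). The host names and installed versions in `SAMPLE` are constructed, and all function names are this example's own.

```python
from string import digits as DIGITS

# Fixed versions stated in DSA-1746-1: release -> (package, fixed version).
FIXED = {"lenny": ("ghostscript", "8.62.dfsg.1-3.2lenny1"),
         "etch": ("gs-gpl", "8.54.dfsg.1-5etch2")}
# Constructed sample inventory: (host, release, installed version).
SAMPLE = [("print01", "lenny", "8.62.dfsg.1-3.2"),
          ("print02", "lenny", "8.62.dfsg.1-3.2lenny1"),
          ("build01", "lenny", "8.62.dfsg.1-3.2lenny1~test1"),
          ("legacy01", "etch", "8.54.dfsg.1-5etch1")]

def _order(ch):  # weight of one non-digit character; "" is end of string
    if ch == "~":
        return -1  # tilde sorts before everything, even end of string
    if ch == "" or ch in DIGITS:
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256  # letters first

def _number(s, i):  # read the digit run at s[i:] -> (value, next index)
    j = i
    while j < len(s) and s[j] in DIGITS:
        j += 1
    return int(s[i:j] or 0), j

def _cmp_part(a, b):  # compare two upstream or revision strings
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            x, y = _order(a[i:i + 1]), _order(b[j:j + 1])
            if x != y:
                return -1 if x < y else 1
            i, j = i + 1, j + 1
        (x, i), (y, j) = _number(a, i), _number(b, j)
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):  # "[epoch:]upstream[-revision]" -> (epoch, upstream, revision)
    epoch, v = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = v.rpartition("-")
    return int(epoch), (upstream if sep else v), (rev if sep else "")

def deb_cmp(a, b):  # -1, 0 or 1 by epoch, then upstream, then revision
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(inventory):  # hosts older than the advisory's fixed version
    return [host for host, release, version in inventory
            if deb_cmp(version, FIXED[release][1]) < 0]
```

On a Debian host itself, `dpkg --compare-versions` performs this comparison natively; the pure-Python form is useful when auditing a collected inventory from another system.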

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknDYjAACgkQ62zWxYk/rQclLACcDDO2+mB5s0zdhmctk9FPspWt
j/EAoLc2NmgwHuDuB6U2jbxpNcoWqCc9
=bm0f
-----END PGP SIGNATURE-----