-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:311 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ghostscript Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________ Problem Description: Multiple security vulnerabilities has been identified and fixed in ghostscript: A buffer underflow in Ghostscript's CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary by using a crafted PDF file (CVE-2007-6725). Buffer overflow in Ghostscript's BaseFont writer module allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted Postscript file (CVE-2008-6679). Multiple interger overflows in Ghostsript's International Color Consortium Format Library (icclib) allows attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images (CVE-2009-0583, CVE-2009-0584). Multiple interger overflows in Ghostsript's International Color Consortium Format Library (icclib) allows attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images. Note: this issue exists because of an incomplete fix for CVE-2009-0583 (CVE-2009-0792). Heap-based overflow in Ghostscript's JBIG2 decoding library allows attackers to cause denial of service and possibly to execute arbitrary code by using a crafted PDF file (CVE-2009-0196). Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). Previousely the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for that vulnerabilities. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: d419c4cc3452b90b350c8fda68bf29f8 2008.0/i586/ghostscript-8.60-55.3mdv2008.0.i586.rpm 7e120e4166ebbf8203a05d657223c5d5 2008.0/i586/ghostscript-common-8.60-55.3mdv2008.0.i586.rpm 29685fcf8eb0bb04d59e07fcbb57973f 2008.0/i586/ghostscript-doc-8.60-55.3mdv2008.0.i586.rpm d205693e3d3ba8da5f9197992d28ed13 2008.0/i586/ghostscript-dvipdf-8.60-55.3mdv2008.0.i586.rpm 6b4c9b0bcb0e00dfadf1e4d145a4c657 2008.0/i586/ghostscript-module-X-8.60-55.3mdv2008.0.i586.rpm 04b75844bec6d20e8d642ad0c217ad1f 2008.0/i586/ghostscript-X-8.60-55.3mdv2008.0.i586.rpm b20ee4fa316e601a73131d0cca1b1643 2008.0/i586/libgs8-8.60-55.3mdv2008.0.i586.rpm 121aea93ce9d622fb7d5f616e442bc86 2008.0/i586/libgs8-devel-8.60-55.3mdv2008.0.i586.rpm 157190bd96bc7326ce9291a67db738cf 2008.0/i586/libijs1-0.35-55.3mdv2008.0.i586.rpm 50d401f2135225ec3cad3881ceb084bd 2008.0/i586/libijs1-devel-0.35-55.3mdv2008.0.i586.rpm 5f649dc370d0b581b067d8b5db30a1a2 2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 54292241ec99616cedd3099e4d2ff6a5 2008.0/x86_64/ghostscript-8.60-55.3mdv2008.0.x86_64.rpm ede49cf300d10edf9b67067c13608fd2 2008.0/x86_64/ghostscript-common-8.60-55.3mdv2008.0.x86_64.rpm e75cb4fb3d2b00ff395da26109518f6b 2008.0/x86_64/ghostscript-doc-8.60-55.3mdv2008.0.x86_64.rpm 2644ccf83047b448e0d0097bab2dad19 2008.0/x86_64/ghostscript-dvipdf-8.60-55.3mdv2008.0.x86_64.rpm eaf0ee1db669bf25c30839b2da7782d1 2008.0/x86_64/ghostscript-module-X-8.60-55.3mdv2008.0.x86_64.rpm 62ad0f8af2eae01f62b178b6f9d1ae86 2008.0/x86_64/ghostscript-X-8.60-55.3mdv2008.0.x86_64.rpm d96e334812d8af6448214491832ee176 2008.0/x86_64/lib64gs8-8.60-55.3mdv2008.0.x86_64.rpm f129af9829956f8ad1aff56af496d31c 2008.0/x86_64/lib64gs8-devel-8.60-55.3mdv2008.0.x86_64.rpm 914c12790362c30b562f2a5b99748aec 2008.0/x86_64/lib64ijs1-0.35-55.3mdv2008.0.x86_64.rpm deff12b840779e49a2d14a30d46060f1 2008.0/x86_64/lib64ijs1-devel-0.35-55.3mdv2008.0.x86_64.rpm 5f649dc370d0b581b067d8b5db30a1a2 2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLGCnxmqjQ0CJFipgRAgO1AKC3lP/mULkNhPd9/o91BePfDLB3uwCg0GjV q4PuQczr3V0LuJ8MhlTucZM= =e4Ko -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/