-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:102 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ghostscript Date : May 19, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in ghostscript: Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file (CVE-2010-1869). Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1869 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: c1360edcc6bda79fa0f1a0f241f3cec3 2008.0/i586/ghostscript-8.60-55.4mdv2008.0.i586.rpm d02a623cf71a49f9cc262f900fed7e3a 2008.0/i586/ghostscript-common-8.60-55.4mdv2008.0.i586.rpm bae51676f8d807bbdb89ce1c6c5480c6 2008.0/i586/ghostscript-doc-8.60-55.4mdv2008.0.i586.rpm 5fef2add7461a2403a511844d20c7987 2008.0/i586/ghostscript-dvipdf-8.60-55.4mdv2008.0.i586.rpm 676509ea8efbcc200f3249d6ddfd4415 2008.0/i586/ghostscript-module-X-8.60-55.4mdv2008.0.i586.rpm 3210c5240f1fb6a35ebc7e548702ed52 2008.0/i586/ghostscript-X-8.60-55.4mdv2008.0.i586.rpm c0ec0c5654838c2d651b874fd31ab1d4 2008.0/i586/libgs8-8.60-55.4mdv2008.0.i586.rpm 5245c2f5fda2a26194d80eae9ed95eee 2008.0/i586/libgs8-devel-8.60-55.4mdv2008.0.i586.rpm 160058f2cf27d3a206349a7d9e95fe36 2008.0/i586/libijs1-0.35-55.4mdv2008.0.i586.rpm 15af2da5f6685e7099407a5433590d6f 2008.0/i586/libijs1-devel-0.35-55.4mdv2008.0.i586.rpm 3660d3ab7bf3f0549df5ee5c0fe75282 2008.0/SRPMS/ghostscript-8.60-55.4mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: af8fa9e179d9424936442ccd8652768c 2008.0/x86_64/ghostscript-8.60-55.4mdv2008.0.x86_64.rpm ecb7f8866d1a81253f05a8969ca5298b 2008.0/x86_64/ghostscript-common-8.60-55.4mdv2008.0.x86_64.rpm 154917c6a3e62e1c8a732b967bed17bd 2008.0/x86_64/ghostscript-doc-8.60-55.4mdv2008.0.x86_64.rpm 425f73ed07473af4bb82441eedeb312c 2008.0/x86_64/ghostscript-dvipdf-8.60-55.4mdv2008.0.x86_64.rpm 9c1651257fa13099729eb46122f670c9 2008.0/x86_64/ghostscript-module-X-8.60-55.4mdv2008.0.x86_64.rpm 76cb1271dd09aea19b6836776b44a823 2008.0/x86_64/ghostscript-X-8.60-55.4mdv2008.0.x86_64.rpm 1f126e7c633c6f0c0cef3b6562f4ed66 2008.0/x86_64/lib64gs8-8.60-55.4mdv2008.0.x86_64.rpm f8b9da1f427dacafaf02ab1bd9bf265d 2008.0/x86_64/lib64gs8-devel-8.60-55.4mdv2008.0.x86_64.rpm ee83e8a4732e7d32770ac78b639022b7 2008.0/x86_64/lib64ijs1-0.35-55.4mdv2008.0.x86_64.rpm 4f8628d00af7b4ecfaa0a3ccacdb1ed4 2008.0/x86_64/lib64ijs1-devel-0.35-55.4mdv2008.0.x86_64.rpm 3660d3ab7bf3f0549df5ee5c0fe75282 2008.0/SRPMS/ghostscript-8.60-55.4mdv2008.0.src.rpm Mandriva Linux 2009.0: 313c90cbecfb0550d694465260cbb20f 2009.0/i586/ghostscript-8.63-62.4mdv2009.0.i586.rpm 92529376e7d97597d7e26b78907a1ef7 2009.0/i586/ghostscript-common-8.63-62.4mdv2009.0.i586.rpm 44a4a7e35bc90c9e182a11914e3c544e 2009.0/i586/ghostscript-doc-8.63-62.4mdv2009.0.i586.rpm bf0ccaf33210a597f13a50c4cdd2ed5a 2009.0/i586/ghostscript-dvipdf-8.63-62.4mdv2009.0.i586.rpm 6f51150145c3f4c4dcf6246d4d09ae34 2009.0/i586/ghostscript-module-X-8.63-62.4mdv2009.0.i586.rpm aeedaac055088476373e4132e6246aa8 2009.0/i586/ghostscript-X-8.63-62.4mdv2009.0.i586.rpm da6acb6651bef2476e57a8e532bfa1df 2009.0/i586/libgs8-8.63-62.4mdv2009.0.i586.rpm 7cf648668272889a57f24ecda15d61fe 2009.0/i586/libgs8-devel-8.63-62.4mdv2009.0.i586.rpm 5d6f3e8918640c1613b1c52a2ee5be9c 2009.0/i586/libijs1-0.35-62.4mdv2009.0.i586.rpm 5c86592e180faf768e4df4294f173d77 2009.0/i586/libijs1-devel-0.35-62.4mdv2009.0.i586.rpm 0f4df74cabfdabb8044df866629ded1d 2009.0/SRPMS/ghostscript-8.63-62.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 4d99897152b722af1790ee2d21477f98 2009.0/x86_64/ghostscript-8.63-62.4mdv2009.0.x86_64.rpm f7b37265291b0009eb9192e54ae85ae5 2009.0/x86_64/ghostscript-common-8.63-62.4mdv2009.0.x86_64.rpm 84328212d3054a260794c71c2b98d378 2009.0/x86_64/ghostscript-doc-8.63-62.4mdv2009.0.x86_64.rpm 80b3021580aaf26899a76d50105afc12 2009.0/x86_64/ghostscript-dvipdf-8.63-62.4mdv2009.0.x86_64.rpm dc8dd899efe90df34ba88b179544234d 2009.0/x86_64/ghostscript-module-X-8.63-62.4mdv2009.0.x86_64.rpm 46eca8c6a32a8ed1187d9ec73ceddc51 2009.0/x86_64/ghostscript-X-8.63-62.4mdv2009.0.x86_64.rpm c84e7a4d7ac2787413a170f8cf717ab2 2009.0/x86_64/lib64gs8-8.63-62.4mdv2009.0.x86_64.rpm a6e22b819a271a8b3b9be359bf9a9322 2009.0/x86_64/lib64gs8-devel-8.63-62.4mdv2009.0.x86_64.rpm 11d9d6d305015e0b5f3476d16f035289 2009.0/x86_64/lib64ijs1-0.35-62.4mdv2009.0.x86_64.rpm ed90dc82c29f5fe1eeb8ecbc6a430e2a 2009.0/x86_64/lib64ijs1-devel-0.35-62.4mdv2009.0.x86_64.rpm 0f4df74cabfdabb8044df866629ded1d 2009.0/SRPMS/ghostscript-8.63-62.4mdv2009.0.src.rpm Mandriva Linux 2009.1: b347c5be523982da5b669b4ebca2e0ba 2009.1/i586/ghostscript-8.64-65.2mdv2009.1.i586.rpm b6ecc633210f7012c39aaad50ced24db 2009.1/i586/ghostscript-common-8.64-65.2mdv2009.1.i586.rpm 4e5f0f9f1e0ed63779cfd0e58bcbeb2f 2009.1/i586/ghostscript-doc-8.64-65.2mdv2009.1.i586.rpm 0b9eb533d78d8ac0edfe21b74879b3c7 2009.1/i586/ghostscript-dvipdf-8.64-65.2mdv2009.1.i586.rpm 11630a17c9c82c899c965e76f0c563da 2009.1/i586/ghostscript-module-X-8.64-65.2mdv2009.1.i586.rpm f564cd779df316cfbbebcc105a8e28d2 2009.1/i586/ghostscript-X-8.64-65.2mdv2009.1.i586.rpm 4ea5a21cfdd3d1d7128d4c07b14b39dd 2009.1/i586/libgs8-8.64-65.2mdv2009.1.i586.rpm 5498873fa9c05f336acc16c1993b0797 2009.1/i586/libgs8-devel-8.64-65.2mdv2009.1.i586.rpm 18e11befa41022995911ff65a7b807c3 2009.1/i586/libijs1-0.35-65.2mdv2009.1.i586.rpm 190fbe724fb037dd3929da67a594c928 2009.1/i586/libijs1-devel-0.35-65.2mdv2009.1.i586.rpm 13d3c8bfdb740bf7b451fe4863227024 2009.1/SRPMS/ghostscript-8.64-65.2mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: f367530ff49048e50fa6dae831c85dda 2009.1/x86_64/ghostscript-8.64-65.2mdv2009.1.x86_64.rpm bc898737acfc5e8438b385598ae9b46e 2009.1/x86_64/ghostscript-common-8.64-65.2mdv2009.1.x86_64.rpm fc01dbc8a909ab2e7d02d9b709e82871 2009.1/x86_64/ghostscript-doc-8.64-65.2mdv2009.1.x86_64.rpm 694077d119862d5f4823492969088b3f 2009.1/x86_64/ghostscript-dvipdf-8.64-65.2mdv2009.1.x86_64.rpm f6bec3c1704e462749de36c46f4db204 2009.1/x86_64/ghostscript-module-X-8.64-65.2mdv2009.1.x86_64.rpm 9b2717c43494f263d7a37e25a19bdcc1 2009.1/x86_64/ghostscript-X-8.64-65.2mdv2009.1.x86_64.rpm 29df7661133e45f7769f776041288e51 2009.1/x86_64/lib64gs8-8.64-65.2mdv2009.1.x86_64.rpm ed3fc7c79b8f5e23cfaa32601501a69b 2009.1/x86_64/lib64gs8-devel-8.64-65.2mdv2009.1.x86_64.rpm 0dd8294088520e83ffcb0818ecdb7ad3 2009.1/x86_64/lib64ijs1-0.35-65.2mdv2009.1.x86_64.rpm b1fcb9b697ec0717f3f27b94da1767d6 2009.1/x86_64/lib64ijs1-devel-0.35-65.2mdv2009.1.x86_64.rpm 13d3c8bfdb740bf7b451fe4863227024 2009.1/SRPMS/ghostscript-8.64-65.2mdv2009.1.src.rpm Mandriva Linux 2010.0: 7a648f7050536a867d407999c02efe53 2010.0/i586/ghostscript-8.64-69.1mdv2010.0.i586.rpm 50e716baff81b930f25807f6e38aa084 2010.0/i586/ghostscript-common-8.64-69.1mdv2010.0.i586.rpm 73c2017d6a19d94edbf20474873e6eac 2010.0/i586/ghostscript-doc-8.64-69.1mdv2010.0.i586.rpm 0146e7c7ce4b5ed519654fe6ea618ba3 2010.0/i586/ghostscript-dvipdf-8.64-69.1mdv2010.0.i586.rpm c38e2e9b62814ddff5c43edf20c9feac 2010.0/i586/ghostscript-module-X-8.64-69.1mdv2010.0.i586.rpm 2d89a346e39d48cb8a0949fa7545e7ce 2010.0/i586/ghostscript-X-8.64-69.1mdv2010.0.i586.rpm a38d3c8e82aff09967da065417d18367 2010.0/i586/libgs8-8.64-69.1mdv2010.0.i586.rpm eca82980f75e33be4f5e9357f1affb1c 2010.0/i586/libgs8-devel-8.64-69.1mdv2010.0.i586.rpm 13ad034d9c766245e688d000c4d3aca5 2010.0/i586/libijs1-0.35-69.1mdv2010.0.i586.rpm 83c45b12a0fa06e9f76aa5da146a7b54 2010.0/i586/libijs1-devel-0.35-69.1mdv2010.0.i586.rpm 05633c1ea524326727a7db485c72539f 2010.0/SRPMS/ghostscript-8.64-69.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: de947e192d4fd19c3757371b04d47115 2010.0/x86_64/ghostscript-8.64-69.1mdv2010.0.x86_64.rpm af183bf415c188407626d3028c96fcfb 2010.0/x86_64/ghostscript-common-8.64-69.1mdv2010.0.x86_64.rpm db4dd5a32f5ac87dad503f3b3b4648f5 2010.0/x86_64/ghostscript-doc-8.64-69.1mdv2010.0.x86_64.rpm 8deb6ff64eaec9a9a2b8fa6b8e36a23b 2010.0/x86_64/ghostscript-dvipdf-8.64-69.1mdv2010.0.x86_64.rpm 56cd07afffaf82faebb76bdc317a4b79 2010.0/x86_64/ghostscript-module-X-8.64-69.1mdv2010.0.x86_64.rpm 564cc4f8a43caf41d3faf56848dddb1f 2010.0/x86_64/ghostscript-X-8.64-69.1mdv2010.0.x86_64.rpm a4379f933a5fe1e06132b91ab2a592e7 2010.0/x86_64/lib64gs8-8.64-69.1mdv2010.0.x86_64.rpm 5288d2a1807da31f2b3884034f3c43aa 2010.0/x86_64/lib64gs8-devel-8.64-69.1mdv2010.0.x86_64.rpm 92adaf591aba09e6735c4e764764b3a8 2010.0/x86_64/lib64ijs1-0.35-69.1mdv2010.0.x86_64.rpm 9bb1e4d39faf5a197f250b0f2a8347dd 2010.0/x86_64/lib64ijs1-devel-0.35-69.1mdv2010.0.x86_64.rpm 05633c1ea524326727a7db485c72539f 2010.0/SRPMS/ghostscript-8.64-69.1mdv2010.0.src.rpm Corporate 4.0: 9cb8f3900c93bb991986ba9cb4bc30e8 corporate/4.0/i586/ghostscript-8.15-46.3.20060mlcs4.i586.rpm f828214a2c138a3d85120d30dec34c4d corporate/4.0/i586/ghostscript-common-8.15-46.3.20060mlcs4.i586.rpm bf635e5a119e66182b3eb60af9aad944 corporate/4.0/i586/ghostscript-dvipdf-8.15-46.3.20060mlcs4.i586.rpm a91390460c04bf47be2600ac75120241 corporate/4.0/i586/ghostscript-module-X-8.15-46.3.20060mlcs4.i586.rpm e0c399cff8fa6c20526aec6df79c3fd8 corporate/4.0/i586/ghostscript-X-8.15-46.3.20060mlcs4.i586.rpm 21741e45e78a0c2dec56f59e711ce09e corporate/4.0/i586/libgs8-8.15-46.3.20060mlcs4.i586.rpm 69185151ea9b0f1e3a0a60a391a0506e corporate/4.0/i586/libgs8-devel-8.15-46.3.20060mlcs4.i586.rpm 72222457301550f58dee02d070b1ed95 corporate/4.0/i586/libijs1-0.35-46.3.20060mlcs4.i586.rpm c8f5c821561fb3baf9acf7496d3e7b3a corporate/4.0/i586/libijs1-devel-0.35-46.3.20060mlcs4.i586.rpm 4f4fbfbe952492d6cb028020b11503de corporate/4.0/SRPMS/ghostscript-8.15-46.3.20060mlcs4.src.rpm Corporate 4.0/X86_64: 5b33ba915d6261abbfc6dad1222a8bff corporate/4.0/x86_64/ghostscript-8.15-46.3.20060mlcs4.x86_64.rpm 5093e1bc56583303dd20d3f5f9194239 corporate/4.0/x86_64/ghostscript-common-8.15-46.3.20060mlcs4.x86_64.rpm 15a3f7d7631b5c3815e23aef619b74ad corporate/4.0/x86_64/ghostscript-dvipdf-8.15-46.3.20060mlcs4.x86_64.rpm 97a12577502cca5c55ec473b02c4513f corporate/4.0/x86_64/ghostscript-module-X-8.15-46.3.20060mlcs4.x86_64.rpm bd3cdc393b6ee0178e4c5c9f04197d90 corporate/4.0/x86_64/ghostscript-X-8.15-46.3.20060mlcs4.x86_64.rpm 698f95ea98989cc550e538ee84d81165 corporate/4.0/x86_64/lib64gs8-8.15-46.3.20060mlcs4.x86_64.rpm 4d9ecd9c9653a9919dc3a94c19ad2fd8 corporate/4.0/x86_64/lib64gs8-devel-8.15-46.3.20060mlcs4.x86_64.rpm b4b6bb5147eeae90de565fdb36bc497c corporate/4.0/x86_64/lib64ijs1-0.35-46.3.20060mlcs4.x86_64.rpm 7bcfd3d13f3fd56f250d45c1951ec716 corporate/4.0/x86_64/lib64ijs1-devel-0.35-46.3.20060mlcs4.x86_64.rpm 4f4fbfbe952492d6cb028020b11503de corporate/4.0/SRPMS/ghostscript-8.15-46.3.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 86624ba14e7c0fdd9856725dfe7644e7 mes5/i586/ghostscript-8.63-62.4mdvmes5.1.i586.rpm 2b124bd39a9b6cd96de26f657fde5dbd mes5/i586/ghostscript-common-8.63-62.4mdvmes5.1.i586.rpm eb3b05bca5cbc8edce86d83ed908ea7f mes5/i586/ghostscript-doc-8.63-62.4mdvmes5.1.i586.rpm 31593b2e8da79e4af8afbcfb8899ea43 mes5/i586/ghostscript-dvipdf-8.63-62.4mdvmes5.1.i586.rpm 1d8254b2063933769c5f58bb45553bff mes5/i586/ghostscript-module-X-8.63-62.4mdvmes5.1.i586.rpm 070c094d2195733316efb75c416bc612 mes5/i586/ghostscript-X-8.63-62.4mdvmes5.1.i586.rpm b23d826a174479964126b73ff3238495 mes5/i586/libgs8-8.63-62.4mdvmes5.1.i586.rpm 79da2ab04cc49f3cf33f5a22d8e368a3 mes5/i586/libgs8-devel-8.63-62.4mdvmes5.1.i586.rpm 54f4c76fdda312a6332acbc733413363 mes5/i586/libijs1-0.35-62.4mdvmes5.1.i586.rpm a168e7f8498acd6c1c89187b43918971 mes5/i586/libijs1-devel-0.35-62.4mdvmes5.1.i586.rpm 0bca27a00704c2ac8896caaba43aa8cb mes5/SRPMS/ghostscript-8.63-62.4mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 6546f0b510efbe11367ea5c14d84ced7 mes5/x86_64/ghostscript-8.63-62.4mdvmes5.1.x86_64.rpm df26a454dfb3d9feb396133c93a5bacd mes5/x86_64/ghostscript-common-8.63-62.4mdvmes5.1.x86_64.rpm 2da8d9cdab1e81d2bca5a32f9d17838d mes5/x86_64/ghostscript-doc-8.63-62.4mdvmes5.1.x86_64.rpm d42d41adea2a77cf0dd204222d1fcd3c mes5/x86_64/ghostscript-dvipdf-8.63-62.4mdvmes5.1.x86_64.rpm 2c8bdac0fc03185381918a5471104bf9 mes5/x86_64/ghostscript-module-X-8.63-62.4mdvmes5.1.x86_64.rpm 2f8c45e461f2365641ad973c294cf246 mes5/x86_64/ghostscript-X-8.63-62.4mdvmes5.1.x86_64.rpm 0cc3dfad8881a1b2e7440b9a88463720 mes5/x86_64/lib64gs8-8.63-62.4mdvmes5.1.x86_64.rpm a3282f4cb62138b656e9e2b499a362bd mes5/x86_64/lib64gs8-devel-8.63-62.4mdvmes5.1.x86_64.rpm ba01f7b7ed7e9de0b68b138ceaf09229 mes5/x86_64/lib64ijs1-0.35-62.4mdvmes5.1.x86_64.rpm 726fe6f338a3f4db537d99f14abc6d81 mes5/x86_64/lib64ijs1-devel-0.35-62.4mdvmes5.1.x86_64.rpm 0bca27a00704c2ac8896caaba43aa8cb mes5/SRPMS/ghostscript-8.63-62.4mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFL9Bk1mqjQ0CJFipgRAhZmAJ9JHzNBU4Q6OlJcIMoyQ50LW/+4BQCgv+rh nO++o+wcghpkSCXfpkasmSk= =q2JM -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/