-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:134 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ghostscript Date : July 15, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in ghostscript: Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver (CVE-2009-4270). Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter (CVE-2010-1628). As a precaution ghostscriptc has been rebuilt to link against the system libpng library which was fixed with MDVSA-2010:133 Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4270 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1628 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 77eb5421a46b0d03ca9d58116a0280f9 2008.0/i586/ghostscript-8.60-55.5mdv2008.0.i586.rpm 5a39cfe3e1aba95a8d658759a3a5119e 2008.0/i586/ghostscript-common-8.60-55.5mdv2008.0.i586.rpm 3b5e53fd83a0e41975cc84c329c21594 2008.0/i586/ghostscript-doc-8.60-55.5mdv2008.0.i586.rpm 5dcd284dfa85fc4b575e012edd3b39db 2008.0/i586/ghostscript-dvipdf-8.60-55.5mdv2008.0.i586.rpm 0da4a916b42c7b2e31b496ce9978da90 2008.0/i586/ghostscript-module-X-8.60-55.5mdv2008.0.i586.rpm 32f750da9a64ae9a25391515b72dd1ca 2008.0/i586/ghostscript-X-8.60-55.5mdv2008.0.i586.rpm ce643129766855bf3976fb29be85684b 2008.0/i586/libgs8-8.60-55.5mdv2008.0.i586.rpm edc97f2de46cb03283436b15b93cd093 2008.0/i586/libgs8-devel-8.60-55.5mdv2008.0.i586.rpm 3e3241cb2ff1f10159e4d20110de28ae 2008.0/i586/libijs1-0.35-55.5mdv2008.0.i586.rpm 4a9ee540dd1cf0af9f1580b4e85e95c0 2008.0/i586/libijs1-devel-0.35-55.5mdv2008.0.i586.rpm 05e58cdb44a830721622f03f262c858b 2008.0/SRPMS/ghostscript-8.60-55.5mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: 66084a543e49442a6c4c9643cf820d94 2008.0/x86_64/ghostscript-8.60-55.5mdv2008.0.x86_64.rpm 53145f9250eba28db65dd84697387ec5 2008.0/x86_64/ghostscript-common-8.60-55.5mdv2008.0.x86_64.rpm f5345590252c85fe0f95917ddaf16f6e 2008.0/x86_64/ghostscript-doc-8.60-55.5mdv2008.0.x86_64.rpm 57ec8f3f89ebc005db47f0785a807118 2008.0/x86_64/ghostscript-dvipdf-8.60-55.5mdv2008.0.x86_64.rpm 63ad2bcb12966485bcea3495139e1ebd 2008.0/x86_64/ghostscript-module-X-8.60-55.5mdv2008.0.x86_64.rpm 7cf90c19eba8a01dd056723e27a51f40 2008.0/x86_64/ghostscript-X-8.60-55.5mdv2008.0.x86_64.rpm ac8802d8efa7366b30e49883dca1295d 2008.0/x86_64/lib64gs8-8.60-55.5mdv2008.0.x86_64.rpm e9caace723a0beae5d4183c6b96de445 2008.0/x86_64/lib64gs8-devel-8.60-55.5mdv2008.0.x86_64.rpm 798a01a8db97ea16d98e81ba6c8dea8e 2008.0/x86_64/lib64ijs1-0.35-55.5mdv2008.0.x86_64.rpm 3181d98d311b12946dc1042d89869529 2008.0/x86_64/lib64ijs1-devel-0.35-55.5mdv2008.0.x86_64.rpm 05e58cdb44a830721622f03f262c858b 2008.0/SRPMS/ghostscript-8.60-55.5mdv2008.0.src.rpm Mandriva Linux 2009.0: a352af34572fb9e61623d4300c55d871 2009.0/i586/ghostscript-8.63-62.5mdv2009.0.i586.rpm 803e53b01b231e877e20ae4568c4f8e9 2009.0/i586/ghostscript-common-8.63-62.5mdv2009.0.i586.rpm b5ae1e9bd8005bc6488e69118595f251 2009.0/i586/ghostscript-doc-8.63-62.5mdv2009.0.i586.rpm 05962f8f37a5f88bf8386f20860c4f62 2009.0/i586/ghostscript-dvipdf-8.63-62.5mdv2009.0.i586.rpm 214945b1dd718ca417a3ce68e419f620 2009.0/i586/ghostscript-module-X-8.63-62.5mdv2009.0.i586.rpm c0529b523a194b493c1b940bec07c430 2009.0/i586/ghostscript-X-8.63-62.5mdv2009.0.i586.rpm a70d34ac01d71685dc8c8494c8626896 2009.0/i586/libgs8-8.63-62.5mdv2009.0.i586.rpm a02fe0054f39218ef0c4567d977fb352 2009.0/i586/libgs8-devel-8.63-62.5mdv2009.0.i586.rpm 4e289a72cd71091d2edb82061a400244 2009.0/i586/libijs1-0.35-62.5mdv2009.0.i586.rpm ae1a12a3fd40a00b5c0de26a548aef19 2009.0/i586/libijs1-devel-0.35-62.5mdv2009.0.i586.rpm b637e0180a53c807e7140e2f85925a6a 2009.0/SRPMS/ghostscript-8.63-62.5mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 3f9f69cf8152862a4b31b7ea4c13b2ac 2009.0/x86_64/ghostscript-8.63-62.5mdv2009.0.x86_64.rpm fb79da17f6fc6046cf4929e18e6a288d 2009.0/x86_64/ghostscript-common-8.63-62.5mdv2009.0.x86_64.rpm 360a7b1646f34a4efe01537b0cc60c66 2009.0/x86_64/ghostscript-doc-8.63-62.5mdv2009.0.x86_64.rpm 1c63d2d891288d29bd92373184fe5b4d 2009.0/x86_64/ghostscript-dvipdf-8.63-62.5mdv2009.0.x86_64.rpm e5f01a1b3ef5578a7018a58f505ed7d5 2009.0/x86_64/ghostscript-module-X-8.63-62.5mdv2009.0.x86_64.rpm b6f421b572edf107cad43ceae7fd3c1c 2009.0/x86_64/ghostscript-X-8.63-62.5mdv2009.0.x86_64.rpm 987f21c61e8f0912e50b1a95c1cb7038 2009.0/x86_64/lib64gs8-8.63-62.5mdv2009.0.x86_64.rpm 75f5bb7525ceb5d62b7c39d0b14990d4 2009.0/x86_64/lib64gs8-devel-8.63-62.5mdv2009.0.x86_64.rpm 48b98d77285131b557a414044edb1668 2009.0/x86_64/lib64ijs1-0.35-62.5mdv2009.0.x86_64.rpm 7067034cd5f794f80003f1e99d39d685 2009.0/x86_64/lib64ijs1-devel-0.35-62.5mdv2009.0.x86_64.rpm b637e0180a53c807e7140e2f85925a6a 2009.0/SRPMS/ghostscript-8.63-62.5mdv2009.0.src.rpm Mandriva Linux 2009.1: 32dd01420bbe2d9a92871d3738f2da4e 2009.1/i586/ghostscript-8.64-65.3mdv2009.1.i586.rpm 23e4d42365de5b46d4c5c9054f74346b 2009.1/i586/ghostscript-common-8.64-65.3mdv2009.1.i586.rpm b57dcba125a5690dcc28cdb8c05f4332 2009.1/i586/ghostscript-doc-8.64-65.3mdv2009.1.i586.rpm f4b88cdf43836f42ddceb8a1aabe763f 2009.1/i586/ghostscript-dvipdf-8.64-65.3mdv2009.1.i586.rpm 0cc3d0308cd23be9824c1200e898b714 2009.1/i586/ghostscript-module-X-8.64-65.3mdv2009.1.i586.rpm ebb659e60af62c274bef282022152d38 2009.1/i586/ghostscript-X-8.64-65.3mdv2009.1.i586.rpm ff943713120978fab615299743cfa51f 2009.1/i586/libgs8-8.64-65.3mdv2009.1.i586.rpm ec0c79022a682afae03f93fe1cc8a39f 2009.1/i586/libgs8-devel-8.64-65.3mdv2009.1.i586.rpm 751d6177f35e9ffcd9756f7ce2316105 2009.1/i586/libijs1-0.35-65.3mdv2009.1.i586.rpm 4b2a5919a2aff5cea48818060fdeabdc 2009.1/i586/libijs1-devel-0.35-65.3mdv2009.1.i586.rpm c867b4c99ead7107153a45dcd132b552 2009.1/SRPMS/ghostscript-8.64-65.3mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: f64004b9f8ac0babd18ef804baee8e42 2009.1/x86_64/ghostscript-8.64-65.3mdv2009.1.x86_64.rpm c9eded731e1fb8e0656d223cc8a70f13 2009.1/x86_64/ghostscript-common-8.64-65.3mdv2009.1.x86_64.rpm 94d39d62799e4140c6bdd8c77d3c5ee2 2009.1/x86_64/ghostscript-doc-8.64-65.3mdv2009.1.x86_64.rpm 11f9e7b24d865dc1cc9c4f98a5c818d1 2009.1/x86_64/ghostscript-dvipdf-8.64-65.3mdv2009.1.x86_64.rpm db63a65d1e861654b4a122b219ad8ce0 2009.1/x86_64/ghostscript-module-X-8.64-65.3mdv2009.1.x86_64.rpm 35588ab514e30f1ff522c93c04b3d0ac 2009.1/x86_64/ghostscript-X-8.64-65.3mdv2009.1.x86_64.rpm 1f9e3b056ace305a8dd051adbddfa447 2009.1/x86_64/lib64gs8-8.64-65.3mdv2009.1.x86_64.rpm 09dd08b131fd2ced7c7a37915d8ea814 2009.1/x86_64/lib64gs8-devel-8.64-65.3mdv2009.1.x86_64.rpm c1fa0c4f8f66994067a0ecc8e62d3d98 2009.1/x86_64/lib64ijs1-0.35-65.3mdv2009.1.x86_64.rpm 6a8269b04a47973e584e9f688f1f495c 2009.1/x86_64/lib64ijs1-devel-0.35-65.3mdv2009.1.x86_64.rpm c867b4c99ead7107153a45dcd132b552 2009.1/SRPMS/ghostscript-8.64-65.3mdv2009.1.src.rpm Mandriva Linux 2010.0: 49383f4ecfb6c67f90b4253f2086a4ef 2010.0/i586/ghostscript-8.64-69.2mdv2010.0.i586.rpm f9aca4fbc7cca234123d3c5af21c6f97 2010.0/i586/ghostscript-common-8.64-69.2mdv2010.0.i586.rpm 6a0128bd507a0b80b3933de2227dbbd1 2010.0/i586/ghostscript-doc-8.64-69.2mdv2010.0.i586.rpm e6390ef67a422eef9728e694b28aeb93 2010.0/i586/ghostscript-dvipdf-8.64-69.2mdv2010.0.i586.rpm 78ede34b12fa4bfa6e22e9ee4987831e 2010.0/i586/ghostscript-module-X-8.64-69.2mdv2010.0.i586.rpm d51a4cc8715d52b9421f5f95ae750085 2010.0/i586/ghostscript-X-8.64-69.2mdv2010.0.i586.rpm be5f616da9bd1c3418b0f47d570df3b7 2010.0/i586/libgs8-8.64-69.2mdv2010.0.i586.rpm 7d19299369d8ea4ae713670475722fe2 2010.0/i586/libgs8-devel-8.64-69.2mdv2010.0.i586.rpm 998d12bc315dcff5def6fe2a937175ff 2010.0/i586/libijs1-0.35-69.2mdv2010.0.i586.rpm 55f1a1c8a8a9da32e4129969ecbd7b4a 2010.0/i586/libijs1-devel-0.35-69.2mdv2010.0.i586.rpm 3304d6203f6a6df245c3a719267006bc 2010.0/SRPMS/ghostscript-8.64-69.2mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 8c7785864300bc175e8f0de15e9039a7 2010.0/x86_64/ghostscript-8.64-69.2mdv2010.0.x86_64.rpm 8b3434aa65e1751390e2976f4d209593 2010.0/x86_64/ghostscript-common-8.64-69.2mdv2010.0.x86_64.rpm 0f0945a3a1e410359248f508971e3ac8 2010.0/x86_64/ghostscript-doc-8.64-69.2mdv2010.0.x86_64.rpm 6da764113d1bfbc952050b804b83bbd5 2010.0/x86_64/ghostscript-dvipdf-8.64-69.2mdv2010.0.x86_64.rpm 34718b39dd7b09d52e628f0db0f776b0 2010.0/x86_64/ghostscript-module-X-8.64-69.2mdv2010.0.x86_64.rpm d3b3227b352b02514f8010b5cf107c96 2010.0/x86_64/ghostscript-X-8.64-69.2mdv2010.0.x86_64.rpm 0b92a8f8b4473c75f18fd9d1b25d1ae2 2010.0/x86_64/lib64gs8-8.64-69.2mdv2010.0.x86_64.rpm f0d9d3af320d1df93720d9c02f9a5498 2010.0/x86_64/lib64gs8-devel-8.64-69.2mdv2010.0.x86_64.rpm f264cb770d9532c68ee69c3e48a6472d 2010.0/x86_64/lib64ijs1-0.35-69.2mdv2010.0.x86_64.rpm 1b043258fa19ffe7e3b75f12c9872313 2010.0/x86_64/lib64ijs1-devel-0.35-69.2mdv2010.0.x86_64.rpm 3304d6203f6a6df245c3a719267006bc 2010.0/SRPMS/ghostscript-8.64-69.2mdv2010.0.src.rpm Mandriva Enterprise Server 5: 5e83aa57503fbbc9208881c41bf0617d mes5/i586/ghostscript-8.63-62.5mdvmes5.1.i586.rpm dcca03b0ae071f83d49a3df7dfe5be04 mes5/i586/ghostscript-common-8.63-62.5mdvmes5.1.i586.rpm f6519be8e34bf9deabf5f9a8fab97b9d mes5/i586/ghostscript-doc-8.63-62.5mdvmes5.1.i586.rpm 22ad173ae67e7febf9b052f5659936d8 mes5/i586/ghostscript-dvipdf-8.63-62.5mdvmes5.1.i586.rpm 47f9eb2574eff34348b41a0124171056 mes5/i586/ghostscript-module-X-8.63-62.5mdvmes5.1.i586.rpm 71a6d36a00f818cfbdff90010563bd1c mes5/i586/ghostscript-X-8.63-62.5mdvmes5.1.i586.rpm cd879dd0960d9f46ea929d2ff515390a mes5/i586/libgs8-8.63-62.5mdvmes5.1.i586.rpm 653648203476bfbf855139a4b380394b mes5/i586/libgs8-devel-8.63-62.5mdvmes5.1.i586.rpm 6985d25ec775b44ffe31a91e09aaa2c1 mes5/i586/libijs1-0.35-62.5mdvmes5.1.i586.rpm caf102b269fca1da65f74c0e8beb2089 mes5/i586/libijs1-devel-0.35-62.5mdvmes5.1.i586.rpm effe8f02d35bd41f611c0f99f834c6b1 mes5/SRPMS/ghostscript-8.63-62.5mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 4a2946625f401314a651997e033ac21d mes5/x86_64/ghostscript-8.63-62.5mdvmes5.1.x86_64.rpm ba4bc52599001153edf1e98a8e6ca848 mes5/x86_64/ghostscript-common-8.63-62.5mdvmes5.1.x86_64.rpm 00297d12b503b3f5659659b440bcd49e mes5/x86_64/ghostscript-doc-8.63-62.5mdvmes5.1.x86_64.rpm d10f7b6178049a5751d3415c683d9588 mes5/x86_64/ghostscript-dvipdf-8.63-62.5mdvmes5.1.x86_64.rpm bfd9c01188f12d58ce93ce2ef82ae167 mes5/x86_64/ghostscript-module-X-8.63-62.5mdvmes5.1.x86_64.rpm 3d5c373f2938b0ac44bfb2b6229a7593 mes5/x86_64/ghostscript-X-8.63-62.5mdvmes5.1.x86_64.rpm 599f1a6c68cb3d7013393e53dfd6521d mes5/x86_64/lib64gs8-8.63-62.5mdvmes5.1.x86_64.rpm f715b89840a0cd1eda5fced024e132e0 mes5/x86_64/lib64gs8-devel-8.63-62.5mdvmes5.1.x86_64.rpm 22e46de13ec51543c6c4c146d09ee789 mes5/x86_64/lib64ijs1-0.35-62.5mdvmes5.1.x86_64.rpm 06795e43a579200b1175a6a7cbcd0e6a mes5/x86_64/lib64ijs1-devel-0.35-62.5mdvmes5.1.x86_64.rpm effe8f02d35bd41f611c0f99f834c6b1 mes5/SRPMS/ghostscript-8.63-62.5mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMP3MqmqjQ0CJFipgRArDeAJ46HoacyStwR/xYVe5OcrxMtWiNvwCfWA5I lSnMvrv7yLKJSEHbmeoifjo= =HgXd -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/