[Full-disclosure] [ MDVSA-2009:144 ] ghostscript
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] [ MDVSA-2009:144 ] ghostscript
- From: security@xxxxxxxxxxxx
- Date: Sat, 27 Jun 2009 21:04:01 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:144
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ghostscript
Date : June 27, 2009
Affected: 2008.1, 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
Multiple security vulnerabilities have been identified and fixed
in ghostscript:

Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).

Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).

Previously the ghostscript packages were statically built against
a bundled and private copy of the jasper library. This update makes
ghostscript link against the shared system jasper library, which
makes it easier to address presumptive future security issues in the
jasper library.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
2008.1/i586/ghostscript-8.61-60.2mdv2008.1.i586.rpm
2008.1/i586/ghostscript-common-8.61-60.2mdv2008.1.i586.rpm
2008.1/i586/ghostscript-doc-8.61-60.2mdv2008.1.i586.rpm
2008.1/i586/ghostscript-dvipdf-8.61-60.2mdv2008.1.i586.rpm
2008.1/i586/ghostscript-module-X-8.61-60.2mdv2008.1.i586.rpm
2008.1/i586/ghostscript-X-8.61-60.2mdv2008.1.i586.rpm
2008.1/i586/libgs8-8.61-60.2mdv2008.1.i586.rpm
2008.1/i586/libgs8-devel-8.61-60.2mdv2008.1.i586.rpm
2008.1/i586/libijs1-0.35-60.2mdv2008.1.i586.rpm
2008.1/i586/libijs1-devel-0.35-60.2mdv2008.1.i586.rpm
2008.1/SRPMS/ghostscript-8.61-60.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
2008.1/x86_64/ghostscript-8.61-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/ghostscript-common-8.61-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/ghostscript-doc-8.61-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/ghostscript-dvipdf-8.61-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/ghostscript-module-X-8.61-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/ghostscript-X-8.61-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/lib64gs8-8.61-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/lib64gs8-devel-8.61-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/lib64ijs1-0.35-60.2mdv2008.1.x86_64.rpm
2008.1/x86_64/lib64ijs1-devel-0.35-60.2mdv2008.1.x86_64.rpm
2008.1/SRPMS/ghostscript-8.61-60.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
2009.0/i586/ghostscript-8.63-62.2mdv2009.0.i586.rpm
2009.0/i586/ghostscript-common-8.63-62.2mdv2009.0.i586.rpm
2009.0/i586/ghostscript-doc-8.63-62.2mdv2009.0.i586.rpm
2009.0/i586/ghostscript-dvipdf-8.63-62.2mdv2009.0.i586.rpm
2009.0/i586/ghostscript-module-X-8.63-62.2mdv2009.0.i586.rpm
2009.0/i586/ghostscript-X-8.63-62.2mdv2009.0.i586.rpm
2009.0/i586/libgs8-8.63-62.2mdv2009.0.i586.rpm
2009.0/i586/libgs8-devel-8.63-62.2mdv2009.0.i586.rpm
2009.0/i586/libijs1-0.35-62.2mdv2009.0.i586.rpm
2009.0/i586/libijs1-devel-0.35-62.2mdv2009.0.i586.rpm
2009.0/SRPMS/ghostscript-8.63-62.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
2009.0/x86_64/ghostscript-8.63-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/ghostscript-common-8.63-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/ghostscript-doc-8.63-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/ghostscript-dvipdf-8.63-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/ghostscript-module-X-8.63-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/ghostscript-X-8.63-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/lib64gs8-8.63-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/lib64gs8-devel-8.63-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/lib64ijs1-0.35-62.2mdv2009.0.x86_64.rpm
2009.0/x86_64/lib64ijs1-devel-0.35-62.2mdv2009.0.x86_64.rpm
2009.0/SRPMS/ghostscript-8.63-62.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
2009.1/i586/ghostscript-8.64-65.1mdv2009.1.i586.rpm
2009.1/i586/ghostscript-common-8.64-65.1mdv2009.1.i586.rpm
2009.1/i586/ghostscript-doc-8.64-65.1mdv2009.1.i586.rpm
2009.1/i586/ghostscript-dvipdf-8.64-65.1mdv2009.1.i586.rpm
2009.1/i586/ghostscript-module-X-8.64-65.1mdv2009.1.i586.rpm
2009.1/i586/ghostscript-X-8.64-65.1mdv2009.1.i586.rpm
2009.1/i586/libgs8-8.64-65.1mdv2009.1.i586.rpm
2009.1/i586/libgs8-devel-8.64-65.1mdv2009.1.i586.rpm
2009.1/i586/libijs1-0.35-65.1mdv2009.1.i586.rpm
2009.1/i586/libijs1-devel-0.35-65.1mdv2009.1.i586.rpm
2009.1/SRPMS/ghostscript-8.64-65.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
2009.1/x86_64/ghostscript-8.64-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/ghostscript-common-8.64-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/ghostscript-doc-8.64-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/ghostscript-dvipdf-8.64-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/ghostscript-module-X-8.64-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/ghostscript-X-8.64-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/lib64gs8-8.64-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/lib64gs8-devel-8.64-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/lib64ijs1-0.35-65.1mdv2009.1.x86_64.rpm
2009.1/x86_64/lib64ijs1-devel-0.35-65.1mdv2009.1.x86_64.rpm
2009.1/SRPMS/ghostscript-8.64-65.1mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKRkCBmqjQ0CJFipgRAsXPAJ4wSuhitGx5GFak+Y9Vn7+DnlbZJwCfZmL8
VmzBRP7UPNfoHBoOpcgGFW0=
=ZeYa
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
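
The two defect classes named in the Problem Description (integer multiplication feeding a memory allocation, and unbounded vsprintf formatting), shown next to their defensive counterparts. This is an added example, not code from the advisory, from JasPer or from the Mandriva patch; the function names and sample values are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed pattern: a 32-bit product used as an allocation size wraps silently. */
uint32_t unchecked_mul_u32(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;   /* 0x40000001 * 4 wraps to 4 */
}

/* Hardened: store the product and return 0, or return -1 if it would not fit. */
int checked_mul_u32(uint32_t count, uint32_t elem_size, uint32_t *out)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Bounded alternative to vsprintf: never writes more than cap bytes and
 * reports truncation (-1) instead of overrunning the destination. */
int fmt_bounded(char *buf, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, cap, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

int main(void)
{
    char buf[8];            /* constructed sample buffer */
    uint32_t bytes = 0;

    printf("unchecked: %u\n", (unsigned)unchecked_mul_u32(0x40000001u, 4u));
    printf("checked:   %d\n", checked_mul_u32(0x40000001u, 4u, &bytes));
    printf("fits:      %d\n", fmt_bounded(buf, sizeof buf, "%s", "abc"));
    printf("too long:  %d\n", fmt_bounded(buf, sizeof buf, "%s", "0123456789"));
    return 0;
}
```

A caller that allocates from the unchecked product gets a 4-byte buffer for what it believes are over a billion elements; the checked variant lets it reject the input before allocating.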