Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in ghostscript
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in ghostscript
ID: MDVSA-2009:095
Distribution: Mandriva
Plattformen: Mandriva Corporate 4.0, Mandriva 2008.1, Mandriva 2009.0
Datum: Fr, 24. April 2009, 20:51
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
Applikationen: AFPL Ghostscript

Originalnachricht

 
This is a multi-part message in MIME format...

------------=_1240599093-27111-1777


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:095
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ghostscript
 Date    : April 24, 2009
 Affected: 2008.1, 2009.0, Corporate 4.0
 _______________________________________________________________________

 Problem Description:

 A buffer underflow in Ghostscript's CCITTFax decoding filter allows
 remote attackers to cause denial of service and possibly to execute
 arbitrary by using a crafted PDF file (CVE-2007-6725).
 
 Buffer overflow in Ghostscript's BaseFont writer module allows
 remote attackers to cause a denial of service and possibly to execute
 arbitrary code via a crafted Postscript file (CVE-2008-6679).
 
 Multiple interger overflows in Ghostsript's International Color
 Consortium Format Library (icclib) allows attackers to cause denial
 of service (heap-based buffer overflow and application crash) and
 possibly execute arbirary code by using either a PostScript or PDF
 file with crafte embedded images (CVE-2009-0583, CVE-2009-0584).
 
 Multiple interger overflows in Ghostsript's International Color
 Consortium Format Library (icclib) allows attackers to cause denial
 of service (heap-based buffer overflow and application crash) and
 possibly execute arbirary code by using either a PostScript or PDF
 file with crafte embedded images. Note: this issue exists because of
 an incomplete fix for CVE-2009-0583 (CVE-2009-0792).
 
 Heap-based overflow in Ghostscript's JBIG2 decoding library allows
 attackers to cause denial of service and possibly to execute arbitrary
 code by using a crafted PDF file (CVE-2009-0196).
 
 This update provides fixes for that vulnerabilities.

 Update:

 gostscript packages from Mandriva Linux 2009.0 distribution are not
 affected by CVE-2007-6725.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 21e5523f3dd1e662749153256a9c4c29 
 2008.1/i586/ghostscript-8.61-60.1mdv2008.1.i586.rpm
 67c9ef01cbb300b355ca7973796128e1 
 2008.1/i586/ghostscript-common-8.61-60.1mdv2008.1.i586.rpm
 981885697a740a41de36f2fbe9162ead 
 2008.1/i586/ghostscript-doc-8.61-60.1mdv2008.1.i586.rpm
 6021f2ba30f5db13365b4b4032bd95dd 
 2008.1/i586/ghostscript-dvipdf-8.61-60.1mdv2008.1.i586.rpm
 fbcf137a546d3a26728d03c43fe91f63 
 2008.1/i586/ghostscript-module-X-8.61-60.1mdv2008.1.i586.rpm
 7957439e200dd85d147896c324267d25 
 2008.1/i586/ghostscript-X-8.61-60.1mdv2008.1.i586.rpm
 2c15c85bde4846cf0e353bb05af17320 
 2008.1/i586/libgs8-8.61-60.1mdv2008.1.i586.rpm
 eb5d8bab4161862a3f52cac7e75026b1 
 2008.1/i586/libgs8-devel-8.61-60.1mdv2008.1.i586.rpm
 8c54dfe0af736153a138361ca4f7093a 
 2008.1/i586/libijs1-0.35-60.1mdv2008.1.i586.rpm
 e8192518fbd2f9931ae54a86bcbbf567 
 2008.1/i586/libijs1-devel-0.35-60.1mdv2008.1.i586.rpm 
 c65ca4c2032670ac4f30ef131a8f3d32 
 2008.1/SRPMS/ghostscript-8.61-60.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 1495a4f65154f7a50888a96162e6a180 
 2008.1/x86_64/ghostscript-8.61-60.1mdv2008.1.x86_64.rpm
 3afecedda4a8d72f32f37efeabbaf46e 
 2008.1/x86_64/ghostscript-common-8.61-60.1mdv2008.1.x86_64.rpm
 a2a2969f5c501347f6c7513a8180ac62 
 2008.1/x86_64/ghostscript-doc-8.61-60.1mdv2008.1.x86_64.rpm
 016239f5bc2cca3aae62f1dc3fa443a2 
 2008.1/x86_64/ghostscript-dvipdf-8.61-60.1mdv2008.1.x86_64.rpm
 5537b78ef9cac087f3a6c88e8c6c4b34 
 2008.1/x86_64/ghostscript-module-X-8.61-60.1mdv2008.1.x86_64.rpm
 1927c0fce28438b00d504d5bf207a257 
 2008.1/x86_64/ghostscript-X-8.61-60.1mdv2008.1.x86_64.rpm
 7da692a79f0054041c685f74d291c042 
 2008.1/x86_64/lib64gs8-8.61-60.1mdv2008.1.x86_64.rpm
 e8eef75aa357ab14937c9e5bd07bad83 
 2008.1/x86_64/lib64gs8-devel-8.61-60.1mdv2008.1.x86_64.rpm
 25dbc9b27639c90097a14532d8e30039 
 2008.1/x86_64/lib64ijs1-0.35-60.1mdv2008.1.x86_64.rpm
 3effb7a452c598b79a9ccf2a2a85402f 
 2008.1/x86_64/lib64ijs1-devel-0.35-60.1mdv2008.1.x86_64.rpm 
 c65ca4c2032670ac4f30ef131a8f3d32 
 2008.1/SRPMS/ghostscript-8.61-60.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 08d85895c1b9b2f184b521b347b6c3a9 
 2009.0/i586/ghostscript-8.63-62.1mdv2009.0.i586.rpm
 b80577925371e2e310efa46cc7e6524e 
 2009.0/i586/ghostscript-common-8.63-62.1mdv2009.0.i586.rpm
 3d2b787310d18f6d57e8f2759e2e378d 
 2009.0/i586/ghostscript-doc-8.63-62.1mdv2009.0.i586.rpm
 74230df515cd6f728b1ad0fa7425881f 
 2009.0/i586/ghostscript-dvipdf-8.63-62.1mdv2009.0.i586.rpm
 89013a75d8c588b5ac8b08e68585c55e 
 2009.0/i586/ghostscript-module-X-8.63-62.1mdv2009.0.i586.rpm
 383751e84376fe6bbd7e3cb52c2f9a68 
 2009.0/i586/ghostscript-X-8.63-62.1mdv2009.0.i586.rpm
 353d6c17931a606fe9de82f3ce275dd5 
 2009.0/i586/libgs8-8.63-62.1mdv2009.0.i586.rpm
 05665f903b2ac9b5f1baf924598250ab 
 2009.0/i586/libgs8-devel-8.63-62.1mdv2009.0.i586.rpm
 a3d0879ab70588df82b0a2a0eba91cc4 
 2009.0/i586/libijs1-0.35-62.1mdv2009.0.i586.rpm
 75b2f976582e0e1b2800927c0c0356d1 
 2009.0/i586/libijs1-devel-0.35-62.1mdv2009.0.i586.rpm 
 f10ffcf2150c332ff6baf9befc04561a 
 2009.0/SRPMS/ghostscript-8.63-62.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 66ea01cecd74b8baf47c0fde1333eb94 
 2009.0/x86_64/ghostscript-8.63-62.1mdv2009.0.x86_64.rpm
 a5f89f1f738627329671fedc6499e066 
 2009.0/x86_64/ghostscript-common-8.63-62.1mdv2009.0.x86_64.rpm
 8b7c1317a8da3b8ce5b19f9ee4b1e32d 
 2009.0/x86_64/ghostscript-doc-8.63-62.1mdv2009.0.x86_64.rpm
 72e99ba40f13862aa1117738cb426e8a 
 2009.0/x86_64/ghostscript-dvipdf-8.63-62.1mdv2009.0.x86_64.rpm
 9ef78a2da9e98e5a9b50c850166a2974 
 2009.0/x86_64/ghostscript-module-X-8.63-62.1mdv2009.0.x86_64.rpm
 e66cb4eca77d326f7a8aa62c303a0630 
 2009.0/x86_64/ghostscript-X-8.63-62.1mdv2009.0.x86_64.rpm
 6310d106dc710713b89b8053f702bff1 
 2009.0/x86_64/lib64gs8-8.63-62.1mdv2009.0.x86_64.rpm
 69b66aa75de8eb8739b1b4cda07c9f5f 
 2009.0/x86_64/lib64gs8-devel-8.63-62.1mdv2009.0.x86_64.rpm
 ce33d1391e0fb673c865df40a3d63eb4 
 2009.0/x86_64/lib64ijs1-0.35-62.1mdv2009.0.x86_64.rpm
 9eac0d8043cb220edbbdf795c4f8eed0 
 2009.0/x86_64/lib64ijs1-devel-0.35-62.1mdv2009.0.x86_64.rpm 
 f10ffcf2150c332ff6baf9befc04561a 
 2009.0/SRPMS/ghostscript-8.63-62.1mdv2009.0.src.rpm

 Corporate 4.0:
 f3f2dd869b6716d5693a2851d0103d29 
 corporate/4.0/i586/ghostscript-8.15-46.2.20060mlcs4.i586.rpm
 dfbad4b982a25d92abe3c59dd66dfcc5 
 corporate/4.0/i586/ghostscript-common-8.15-46.2.20060mlcs4.i586.rpm
 0db7b9267e286692faba1c3d0dc96ba8 
 corporate/4.0/i586/ghostscript-dvipdf-8.15-46.2.20060mlcs4.i586.rpm
 671ac5a9cbe53778e42bff674eecc29f 
 corporate/4.0/i586/ghostscript-module-X-8.15-46.2.20060mlcs4.i586.rpm
 084da1f80aed83f0c2760cb4badd0912 
 corporate/4.0/i586/ghostscript-X-8.15-46.2.20060mlcs4.i586.rpm
 e1f093bba6ef20334386d510c8d71a16 
 corporate/4.0/i586/libgs8-8.15-46.2.20060mlcs4.i586.rpm
 6822f3330c5df7322f0b2b358fc8a0b8 
 corporate/4.0/i586/libgs8-devel-8.15-46.2.20060mlcs4.i586.rpm
 8524416169178e556b61dd524bccb880 
 corporate/4.0/i586/libijs1-0.35-46.2.20060mlcs4.i586.rpm
 1608d8fc8f9f11a91a270f73a820886d 
 corporate/4.0/i586/libijs1-devel-0.35-46.2.20060mlcs4.i586.rpm 
 2d6e27ec1923b32485fc40fbe73f5e76 
 corporate/4.0/SRPMS/ghostscript-8.15-46.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 3bf733e0a435f1d043ab03ee89bf900f 
 corporate/4.0/x86_64/ghostscript-8.15-46.2.20060mlcs4.x86_64.rpm
 378d6bedbe98a7ae128bf24ce73ff237 
 corporate/4.0/x86_64/ghostscript-common-8.15-46.2.20060mlcs4.x86_64.rpm
 ef7a7d50ec22edf3194351c0564362ac 
 corporate/4.0/x86_64/ghostscript-dvipdf-8.15-46.2.20060mlcs4.x86_64.rpm
 5b70ec3ac9bfd88c9281a768089993fc 
 corporate/4.0/x86_64/ghostscript-module-X-8.15-46.2.20060mlcs4.x86_64.rpm
 1ea47debc989e4ce9efa7ced8d23ced3 
 corporate/4.0/x86_64/ghostscript-X-8.15-46.2.20060mlcs4.x86_64.rpm
 aaad3b214a420ebfb7599aa7bf6c2265 
 corporate/4.0/x86_64/lib64gs8-8.15-46.2.20060mlcs4.x86_64.rpm
 3d807e9b0ff862a28d3b15a067f71f27 
 corporate/4.0/x86_64/lib64gs8-devel-8.15-46.2.20060mlcs4.x86_64.rpm
 46dcc298bf2eb2b0be3a7cdcaf20f4a6 
 corporate/4.0/x86_64/lib64ijs1-0.35-46.2.20060mlcs4.x86_64.rpm
 5c656acee2162a7ab67bee745cbbf473 
 corporate/4.0/x86_64/lib64ijs1-devel-0.35-46.2.20060mlcs4.x86_64.rpm 
 2d6e27ec1923b32485fc40fbe73f5e76 
 corporate/4.0/SRPMS/ghostscript-8.15-46.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ8d0VmqjQ0CJFipgRAmAFAJ0VG4BedOc36ha3HKdhcGHOKULILwCfRY4i
NI4Hm3ny+blkGziBjdTkXdg=
=MXEA
-----END PGP SIGNATURE-----


------------=_1240599093-27111-1777
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1240599093-27111-1777--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung