drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in ghostscript
Name: |
Mehrere Probleme in ghostscript |
|
ID: |
MDVSA-2009:311 |
|
Distribution: |
Mandriva |
|
Plattformen: |
Mandriva 2008.0 |
|
Datum: |
Fr, 4. Dezember 2009, 01:21 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792 |
|
Applikationen: |
AFPL Ghostscript |
|
Originalnachricht |
This is a multi-part message in MIME format...
------------=_1259886090-24326-1585
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:311 http://www.mandriva.com/security/ _______________________________________________________________________
Package : ghostscript Date : December 3, 2009 Affected: 2008.0 _______________________________________________________________________
Problem Description:
Multiple security vulnerabilities has been identified and fixed in ghostscript: A buffer underflow in Ghostscript's CCITTFax decoding filter allows remote attackers to cause denial of service and possibly to execute arbitrary by using a crafted PDF file (CVE-2007-6725). Buffer overflow in Ghostscript's BaseFont writer module allows remote attackers to cause a denial of service and possibly to execute arbitrary code via a crafted Postscript file (CVE-2008-6679). Multiple interger overflows in Ghostsript's International Color Consortium Format Library (icclib) allows attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images (CVE-2009-0583, CVE-2009-0584). Multiple interger overflows in Ghostsript's International Color Consortium Format Library (icclib) allows attackers to cause denial of service (heap-based buffer overflow and application crash) and possibly execute arbirary code by using either a PostScript or PDF file with crafte embedded images. Note: this issue exists because of an incomplete fix for CVE-2009-0583 (CVE-2009-0792). Heap-based overflow in Ghostscript's JBIG2 decoding library allows attackers to cause denial of service and possibly to execute arbitrary code by using a crafted PDF file (CVE-2009-0196). Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation (CVE-2008-3520). Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf (CVE-2008-3522). Previousely the ghostscript packages were statically built against a bundled and private copy of the jasper library. This update makes ghostscript link against the shared system jasper library which makes it easier to address presumptive future security issues in the jasper library. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides fixes for that vulnerabilities. _______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792 _______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0: d419c4cc3452b90b350c8fda68bf29f8 2008.0/i586/ghostscript-8.60-55.3mdv2008.0.i586.rpm 7e120e4166ebbf8203a05d657223c5d5 2008.0/i586/ghostscript-common-8.60-55.3mdv2008.0.i586.rpm 29685fcf8eb0bb04d59e07fcbb57973f 2008.0/i586/ghostscript-doc-8.60-55.3mdv2008.0.i586.rpm d205693e3d3ba8da5f9197992d28ed13 2008.0/i586/ghostscript-dvipdf-8.60-55.3mdv2008.0.i586.rpm 6b4c9b0bcb0e00dfadf1e4d145a4c657 2008.0/i586/ghostscript-module-X-8.60-55.3mdv2008.0.i586.rpm 04b75844bec6d20e8d642ad0c217ad1f 2008.0/i586/ghostscript-X-8.60-55.3mdv2008.0.i586.rpm b20ee4fa316e601a73131d0cca1b1643 2008.0/i586/libgs8-8.60-55.3mdv2008.0.i586.rpm 121aea93ce9d622fb7d5f616e442bc86 2008.0/i586/libgs8-devel-8.60-55.3mdv2008.0.i586.rpm 157190bd96bc7326ce9291a67db738cf 2008.0/i586/libijs1-0.35-55.3mdv2008.0.i586.rpm 50d401f2135225ec3cad3881ceb084bd 2008.0/i586/libijs1-devel-0.35-55.3mdv2008.0.i586.rpm 5f649dc370d0b581b067d8b5db30a1a2 2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 54292241ec99616cedd3099e4d2ff6a5 2008.0/x86_64/ghostscript-8.60-55.3mdv2008.0.x86_64.rpm ede49cf300d10edf9b67067c13608fd2 2008.0/x86_64/ghostscript-common-8.60-55.3mdv2008.0.x86_64.rpm e75cb4fb3d2b00ff395da26109518f6b 2008.0/x86_64/ghostscript-doc-8.60-55.3mdv2008.0.x86_64.rpm 2644ccf83047b448e0d0097bab2dad19 2008.0/x86_64/ghostscript-dvipdf-8.60-55.3mdv2008.0.x86_64.rpm eaf0ee1db669bf25c30839b2da7782d1 2008.0/x86_64/ghostscript-module-X-8.60-55.3mdv2008.0.x86_64.rpm 62ad0f8af2eae01f62b178b6f9d1ae86 2008.0/x86_64/ghostscript-X-8.60-55.3mdv2008.0.x86_64.rpm d96e334812d8af6448214491832ee176 2008.0/x86_64/lib64gs8-8.60-55.3mdv2008.0.x86_64.rpm f129af9829956f8ad1aff56af496d31c 2008.0/x86_64/lib64gs8-devel-8.60-55.3mdv2008.0.x86_64.rpm 914c12790362c30b562f2a5b99748aec 2008.0/x86_64/lib64ijs1-0.35-55.3mdv2008.0.x86_64.rpm deff12b840779e49a2d14a30d46060f1 2008.0/x86_64/lib64ijs1-devel-0.35-55.3mdv2008.0.x86_64.rpm 5f649dc370d0b581b067d8b5db30a1a2 2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm _______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com _______________________________________________________________________
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLGCnxmqjQ0CJFipgRAgO1AKC3lP/mULkNhPd9/o91BePfDLB3uwCg0GjV q4PuQczr3V0LuJ8MhlTucZM= =e4Ko -----END PGP SIGNATURE-----
------------=_1259886090-24326-1585 Content-Type: text/plain; name="message-footer.txt" Content-Disposition: inline; filename="message-footer.txt" Content-Transfer-Encoding: 8bit
To unsubscribe, send a email to sympa@mandrivalinux.org with this subject : unsubscribe security-announce _______________________________________________________ Want to buy your Pack or Services from Mandriva? Go to http://www.mandrivastore.com Join the Club : http://www.mandrivaclub.com _______________________________________________________
------------=_1259886090-24326-1585--
|
|
|
|