MDVSA-2009:311

Package name

ghostscript

Date

2009-12-03

Advisory ID

MDVSA-2009:311

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

Multiple security vulnerabilities has been identified and fixed
in ghostscript:

A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause denial of service and possibly to execute
arbitrary by using a crafted PDF file (CVE-2007-6725).

Buffer overflow in Ghostscript's BaseFont writer module allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code via a crafted Postscript file (CVE-2008-6679).

Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images (CVE-2009-0583, CVE-2009-0584).

Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images. Note: this issue exists because of
an incomplete fix for CVE-2009-0583 (CVE-2009-0792).

Heap-based overflow in Ghostscript's JBIG2 decoding library allows
attackers to cause denial of service and possibly to execute arbitrary
code by using a crafted PDF file (CVE-2009-0196).

Multiple integer overflows in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via a crafted
image file, related to integer multiplication for memory allocation
(CVE-2008-3520).

Buffer overflow in the jas_stream_printf function in
libjasper/base/jas_stream.c in JasPer 1.900.1 might allow
context-dependent attackers to have an unknown impact via
vectors related to the mif_hdr_put function and use of vsprintf
(CVE-2008-3522).

Previousely the ghostscript packages were statically built against
a bundled and private copy of the jasper library. This update makes
ghostscript link against the shared system jasper library which
makes it easier to address presumptive future security issues in the
jasper library.

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

This update provides fixes for that vulnerabilities.

Updated packages

2008.0 i586

 d419c4cc3452b90b350c8fda68bf29f8  2008.0/i586/ghostscript-8.60-55.3mdv2008.0.i586.rpm
 7e120e4166ebbf8203a05d657223c5d5  2008.0/i586/ghostscript-common-8.60-55.3mdv2008.0.i586.rpm
 29685fcf8eb0bb04d59e07fcbb57973f  2008.0/i586/ghostscript-doc-8.60-55.3mdv2008.0.i586.rpm
 d205693e3d3ba8da5f9197992d28ed13  2008.0/i586/ghostscript-dvipdf-8.60-55.3mdv2008.0.i586.rpm
 6b4c9b0bcb0e00dfadf1e4d145a4c657  2008.0/i586/ghostscript-module-X-8.60-55.3mdv2008.0.i586.rpm
 04b75844bec6d20e8d642ad0c217ad1f  2008.0/i586/ghostscript-X-8.60-55.3mdv2008.0.i586.rpm
 b20ee4fa316e601a73131d0cca1b1643  2008.0/i586/libgs8-8.60-55.3mdv2008.0.i586.rpm
 121aea93ce9d622fb7d5f616e442bc86  2008.0/i586/libgs8-devel-8.60-55.3mdv2008.0.i586.rpm
 157190bd96bc7326ce9291a67db738cf  2008.0/i586/libijs1-0.35-55.3mdv2008.0.i586.rpm
 50d401f2135225ec3cad3881ceb084bd  2008.0/i586/libijs1-devel-0.35-55.3mdv2008.0.i586.rpm 
 5f649dc370d0b581b067d8b5db30a1a2  2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm

2008.0 x86_64

 54292241ec99616cedd3099e4d2ff6a5  2008.0/x86_64/ghostscript-8.60-55.3mdv2008.0.x86_64.rpm
 ede49cf300d10edf9b67067c13608fd2  2008.0/x86_64/ghostscript-common-8.60-55.3mdv2008.0.x86_64.rpm
 e75cb4fb3d2b00ff395da26109518f6b  2008.0/x86_64/ghostscript-doc-8.60-55.3mdv2008.0.x86_64.rpm
 2644ccf83047b448e0d0097bab2dad19  2008.0/x86_64/ghostscript-dvipdf-8.60-55.3mdv2008.0.x86_64.rpm
 eaf0ee1db669bf25c30839b2da7782d1  2008.0/x86_64/ghostscript-module-X-8.60-55.3mdv2008.0.x86_64.rpm
 62ad0f8af2eae01f62b178b6f9d1ae86  2008.0/x86_64/ghostscript-X-8.60-55.3mdv2008.0.x86_64.rpm
 d96e334812d8af6448214491832ee176  2008.0/x86_64/lib64gs8-8.60-55.3mdv2008.0.x86_64.rpm
 f129af9829956f8ad1aff56af496d31c  2008.0/x86_64/lib64gs8-devel-8.60-55.3mdv2008.0.x86_64.rpm
 914c12790362c30b562f2a5b99748aec  2008.0/x86_64/lib64ijs1-0.35-55.3mdv2008.0.x86_64.rpm
 deff12b840779e49a2d14a30d46060f1  2008.0/x86_64/lib64ijs1-devel-0.35-55.3mdv2008.0.x86_64.rpm 
 5f649dc370d0b581b067d8b5db30a1a2  2008.0/SRPMS/ghostscript-8.60-55.3mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3522
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3520
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725