MDVSA-2009:095

Package name

ghostscript

Date

2009-04-24

Advisory ID

MDVSA-2009:095

Affected versions

2009.0 x86_64 , 2009.0 i586 , CS4.0 i586 , CS4.0 x86_64 , 2008.1 x86_64 , 2008.1 i586

Problem description

A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause denial of service and possibly to execute
arbitrary by using a crafted PDF file (CVE-2007-6725).

Buffer overflow in Ghostscript's BaseFont writer module allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code via a crafted Postscript file (CVE-2008-6679).

Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images (CVE-2009-0583, CVE-2009-0584).

Multiple interger overflows in Ghostsript's International Color
Consortium Format Library (icclib) allows attackers to cause denial
of service (heap-based buffer overflow and application crash) and
possibly execute arbirary code by using either a PostScript or PDF
file with crafte embedded images. Note: this issue exists because of
an incomplete fix for CVE-2009-0583 (CVE-2009-0792).

Heap-based overflow in Ghostscript's JBIG2 decoding library allows
attackers to cause denial of service and possibly to execute arbitrary
code by using a crafted PDF file (CVE-2009-0196).

This update provides fixes for that vulnerabilities.

Update:

gostscript packages from Mandriva Linux 2009.0 distribution are not
affected by CVE-2007-6725.

Updated packages

2009.0 x86_64

 66ea01cecd74b8baf47c0fde1333eb94  2009.0/x86_64/ghostscript-8.63-62.1mdv2009.0.x86_64.rpm
 a5f89f1f738627329671fedc6499e066  2009.0/x86_64/ghostscript-common-8.63-62.1mdv2009.0.x86_64.rpm
 8b7c1317a8da3b8ce5b19f9ee4b1e32d  2009.0/x86_64/ghostscript-doc-8.63-62.1mdv2009.0.x86_64.rpm
 72e99ba40f13862aa1117738cb426e8a  2009.0/x86_64/ghostscript-dvipdf-8.63-62.1mdv2009.0.x86_64.rpm
 9ef78a2da9e98e5a9b50c850166a2974  2009.0/x86_64/ghostscript-module-X-8.63-62.1mdv2009.0.x86_64.rpm
 e66cb4eca77d326f7a8aa62c303a0630  2009.0/x86_64/ghostscript-X-8.63-62.1mdv2009.0.x86_64.rpm
 6310d106dc710713b89b8053f702bff1  2009.0/x86_64/lib64gs8-8.63-62.1mdv2009.0.x86_64.rpm
 69b66aa75de8eb8739b1b4cda07c9f5f  2009.0/x86_64/lib64gs8-devel-8.63-62.1mdv2009.0.x86_64.rpm
 ce33d1391e0fb673c865df40a3d63eb4  2009.0/x86_64/lib64ijs1-0.35-62.1mdv2009.0.x86_64.rpm
 9eac0d8043cb220edbbdf795c4f8eed0  2009.0/x86_64/lib64ijs1-devel-0.35-62.1mdv2009.0.x86_64.rpm 
 f10ffcf2150c332ff6baf9befc04561a  2009.0/SRPMS/ghostscript-8.63-62.1mdv2009.0.src.rpm

2009.0 i586

 08d85895c1b9b2f184b521b347b6c3a9  2009.0/i586/ghostscript-8.63-62.1mdv2009.0.i586.rpm
 b80577925371e2e310efa46cc7e6524e  2009.0/i586/ghostscript-common-8.63-62.1mdv2009.0.i586.rpm
 3d2b787310d18f6d57e8f2759e2e378d  2009.0/i586/ghostscript-doc-8.63-62.1mdv2009.0.i586.rpm
 74230df515cd6f728b1ad0fa7425881f  2009.0/i586/ghostscript-dvipdf-8.63-62.1mdv2009.0.i586.rpm
 89013a75d8c588b5ac8b08e68585c55e  2009.0/i586/ghostscript-module-X-8.63-62.1mdv2009.0.i586.rpm
 383751e84376fe6bbd7e3cb52c2f9a68  2009.0/i586/ghostscript-X-8.63-62.1mdv2009.0.i586.rpm
 353d6c17931a606fe9de82f3ce275dd5  2009.0/i586/libgs8-8.63-62.1mdv2009.0.i586.rpm
 05665f903b2ac9b5f1baf924598250ab  2009.0/i586/libgs8-devel-8.63-62.1mdv2009.0.i586.rpm
 a3d0879ab70588df82b0a2a0eba91cc4  2009.0/i586/libijs1-0.35-62.1mdv2009.0.i586.rpm
 75b2f976582e0e1b2800927c0c0356d1  2009.0/i586/libijs1-devel-0.35-62.1mdv2009.0.i586.rpm 
 f10ffcf2150c332ff6baf9befc04561a  2009.0/SRPMS/ghostscript-8.63-62.1mdv2009.0.src.rpm

CS4.0 i586

 f3f2dd869b6716d5693a2851d0103d29  corporate/4.0/i586/ghostscript-8.15-46.2.20060mlcs4.i586.rpm
 dfbad4b982a25d92abe3c59dd66dfcc5  corporate/4.0/i586/ghostscript-common-8.15-46.2.20060mlcs4.i586.rpm
 0db7b9267e286692faba1c3d0dc96ba8  corporate/4.0/i586/ghostscript-dvipdf-8.15-46.2.20060mlcs4.i586.rpm
 671ac5a9cbe53778e42bff674eecc29f  corporate/4.0/i586/ghostscript-module-X-8.15-46.2.20060mlcs4.i586.rpm
 084da1f80aed83f0c2760cb4badd0912  corporate/4.0/i586/ghostscript-X-8.15-46.2.20060mlcs4.i586.rpm
 e1f093bba6ef20334386d510c8d71a16  corporate/4.0/i586/libgs8-8.15-46.2.20060mlcs4.i586.rpm
 6822f3330c5df7322f0b2b358fc8a0b8  corporate/4.0/i586/libgs8-devel-8.15-46.2.20060mlcs4.i586.rpm
 8524416169178e556b61dd524bccb880  corporate/4.0/i586/libijs1-0.35-46.2.20060mlcs4.i586.rpm
 1608d8fc8f9f11a91a270f73a820886d  corporate/4.0/i586/libijs1-devel-0.35-46.2.20060mlcs4.i586.rpm 
 2d6e27ec1923b32485fc40fbe73f5e76  corporate/4.0/SRPMS/ghostscript-8.15-46.2.20060mlcs4.src.rpm

CS4.0 x86_64

 3bf733e0a435f1d043ab03ee89bf900f  corporate/4.0/x86_64/ghostscript-8.15-46.2.20060mlcs4.x86_64.rpm
 378d6bedbe98a7ae128bf24ce73ff237  corporate/4.0/x86_64/ghostscript-common-8.15-46.2.20060mlcs4.x86_64.rpm
 ef7a7d50ec22edf3194351c0564362ac  corporate/4.0/x86_64/ghostscript-dvipdf-8.15-46.2.20060mlcs4.x86_64.rpm
 5b70ec3ac9bfd88c9281a768089993fc  corporate/4.0/x86_64/ghostscript-module-X-8.15-46.2.20060mlcs4.x86_64.rpm
 1ea47debc989e4ce9efa7ced8d23ced3  corporate/4.0/x86_64/ghostscript-X-8.15-46.2.20060mlcs4.x86_64.rpm
 aaad3b214a420ebfb7599aa7bf6c2265  corporate/4.0/x86_64/lib64gs8-8.15-46.2.20060mlcs4.x86_64.rpm
 3d807e9b0ff862a28d3b15a067f71f27  corporate/4.0/x86_64/lib64gs8-devel-8.15-46.2.20060mlcs4.x86_64.rpm
 46dcc298bf2eb2b0be3a7cdcaf20f4a6  corporate/4.0/x86_64/lib64ijs1-0.35-46.2.20060mlcs4.x86_64.rpm
 5c656acee2162a7ab67bee745cbbf473  corporate/4.0/x86_64/lib64ijs1-devel-0.35-46.2.20060mlcs4.x86_64.rpm 
 2d6e27ec1923b32485fc40fbe73f5e76  corporate/4.0/SRPMS/ghostscript-8.15-46.2.20060mlcs4.src.rpm

2008.1 x86_64

 1495a4f65154f7a50888a96162e6a180  2008.1/x86_64/ghostscript-8.61-60.1mdv2008.1.x86_64.rpm
 3afecedda4a8d72f32f37efeabbaf46e  2008.1/x86_64/ghostscript-common-8.61-60.1mdv2008.1.x86_64.rpm
 a2a2969f5c501347f6c7513a8180ac62  2008.1/x86_64/ghostscript-doc-8.61-60.1mdv2008.1.x86_64.rpm
 016239f5bc2cca3aae62f1dc3fa443a2  2008.1/x86_64/ghostscript-dvipdf-8.61-60.1mdv2008.1.x86_64.rpm
 5537b78ef9cac087f3a6c88e8c6c4b34  2008.1/x86_64/ghostscript-module-X-8.61-60.1mdv2008.1.x86_64.rpm
 1927c0fce28438b00d504d5bf207a257  2008.1/x86_64/ghostscript-X-8.61-60.1mdv2008.1.x86_64.rpm
 7da692a79f0054041c685f74d291c042  2008.1/x86_64/lib64gs8-8.61-60.1mdv2008.1.x86_64.rpm
 e8eef75aa357ab14937c9e5bd07bad83  2008.1/x86_64/lib64gs8-devel-8.61-60.1mdv2008.1.x86_64.rpm
 25dbc9b27639c90097a14532d8e30039  2008.1/x86_64/lib64ijs1-0.35-60.1mdv2008.1.x86_64.rpm
 3effb7a452c598b79a9ccf2a2a85402f  2008.1/x86_64/lib64ijs1-devel-0.35-60.1mdv2008.1.x86_64.rpm 
 c65ca4c2032670ac4f30ef131a8f3d32  2008.1/SRPMS/ghostscript-8.61-60.1mdv2008.1.src.rpm

2008.1 i586

 21e5523f3dd1e662749153256a9c4c29  2008.1/i586/ghostscript-8.61-60.1mdv2008.1.i586.rpm
 67c9ef01cbb300b355ca7973796128e1  2008.1/i586/ghostscript-common-8.61-60.1mdv2008.1.i586.rpm
 981885697a740a41de36f2fbe9162ead  2008.1/i586/ghostscript-doc-8.61-60.1mdv2008.1.i586.rpm
 6021f2ba30f5db13365b4b4032bd95dd  2008.1/i586/ghostscript-dvipdf-8.61-60.1mdv2008.1.i586.rpm
 fbcf137a546d3a26728d03c43fe91f63  2008.1/i586/ghostscript-module-X-8.61-60.1mdv2008.1.i586.rpm
 7957439e200dd85d147896c324267d25  2008.1/i586/ghostscript-X-8.61-60.1mdv2008.1.i586.rpm
 2c15c85bde4846cf0e353bb05af17320  2008.1/i586/libgs8-8.61-60.1mdv2008.1.i586.rpm
 eb5d8bab4161862a3f52cac7e75026b1  2008.1/i586/libgs8-devel-8.61-60.1mdv2008.1.i586.rpm
 8c54dfe0af736153a138361ca4f7093a  2008.1/i586/libijs1-0.35-60.1mdv2008.1.i586.rpm
 e8192518fbd2f9931ae54a86bcbbf567  2008.1/i586/libijs1-devel-0.35-60.1mdv2008.1.i586.rpm 
 c65ca4c2032670ac4f30ef131a8f3d32  2008.1/SRPMS/ghostscript-8.61-60.1mdv2008.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0196
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0792
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6679
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6725