Message-ID: <20071022222325.GG7963@outflux.net>
Date: Mon, 22 Oct 2007 15:23:26 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-501-2] Ghostscript vulnerability

=========================================================== 
Ubuntu Security Notice USN-501-2           October 22, 2007
ghostscript, gs-gpl vulnerability
CVE-2007-2721
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  gs-gpl                          8.50-1.1ubuntu1.1

Ubuntu 7.04:
  gs-gpl                          8.54.dfsg.1-5ubuntu0.1

Ubuntu 7.10:
  libgs8                          8.61.dfsg.1~svn8187-0ubuntu3.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-501-1 fixed vulnerabilities in Jasper.  This update provides the
corresponding update for the Jasper internal to Ghostscript.

Original advisory details:

 It was discovered that Jasper did not correctly handle corrupted JPEG2000
 images. By tricking a user into opening a specially crafted JPG, a
 remote attacker could cause the application using libjasper to crash,
 resulting in a denial of service.


