[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071022222325.GG7963@outflux.net>
Date: Mon, 22 Oct 2007 15:23:26 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-501-2] Ghostscript vulnerability
===========================================================
Ubuntu Security Notice USN-501-2 October 22, 2007
ghostscript, gs-gpl vulnerability
CVE-2007-2721
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.10:
gs-gpl 8.50-1.1ubuntu1.1
Ubuntu 7.04:
gs-gpl 8.54.dfsg.1-5ubuntu0.1
Ubuntu 7.10:
libgs8 8.61.dfsg.1~svn8187-0ubuntu3.2
In general, a standard system upgrade is sufficient to affect the
necessary changes.
Details follow:
USN-501-1 fixed vulnerabilities in Jasper. This update provides the
corresponding update for the Jasper internal to Ghostscript.
Original advisory details:
It was discovered that Jasper did not correctly handle corrupted JPEG2000
images. By tricking a user into opening a specially crafted JPG, a
remote attacker could cause the application using libjasper to crash,
resulting in a denial of service.
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1.diff.gz
Size/MD5: 67825 24c3ba47de3d515ca06c2495bb392a7a
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1.dsc
Size/MD5: 807 4eefa78e5095f42b9c5d494cf09428ef
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50.orig.tar.gz
Size/MD5: 9981486 661cacc387fb908f434bfbf5eef5c0ce
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs_8.50-1.1ubuntu1.1_all.deb
Size/MD5: 15070 fafff8ca5d1227f2b4b5c4fb226d39db
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1_amd64.deb
Size/MD5: 3059950 e620f666142763b52140daa9726e449c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1_i386.deb
Size/MD5: 2939748 04aa794409aceaac179d49ae87aee724
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1_powerpc.deb
Size/MD5: 3055134 d205d74f25f95573dda3e21daebd623b
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.50-1.1ubuntu1.1_sparc.deb
Size/MD5: 2892774 6026412a02292a0a2a09b8749482087a
Updated packages for Ubuntu 7.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1.diff.gz
Size/MD5: 216563 5d9d6b6e7c2cb60324b8b22f814d2c1d
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1.dsc
Size/MD5: 921 a79422b4b4da56292eb4a676a7c8a55c
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1.orig.tar.gz
Size/MD5: 11695732 05938e26bfa8769e28cf2bb38efd9673
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs_8.54.dfsg.1-5ubuntu0.1_all.deb
Size/MD5: 14476 73c8db82eb25a3fd7a0eaf4bfa00cf31
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1_amd64.deb
Size/MD5: 5596628 2b28fd56fd5e92f957a62fb732f19051
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1_i386.deb
Size/MD5: 5475346 991fc73a4134e80597aa43cc3bf94c6a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1_powerpc.deb
Size/MD5: 5598588 f4a3003bd4091995d9e810c466bfaf5f
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/g/gs-gpl/gs-gpl_8.54.dfsg.1-5ubuntu0.1_sparc.deb
Size/MD5: 5435454 674583e8010623b9a1bb2bb77c210b8d
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2.diff.gz
Size/MD5: 41503 36559042166113bc1ae4517061b84a95
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2.dsc
Size/MD5: 1223 e2ba739ac7a01b16ce4155f4cc40f09f
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187.orig.tar.gz
Size/MD5: 11689594 7eadf4f53880e96a3846bd318a19d4c6
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-doc_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb
Size/MD5: 2642016 fd3966dd9c8bfcdbf2baae653c45016b
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-esp-x_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb
Size/MD5: 17988 7fbd17c2e97569bf9f421347cc9222a0
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs-gpl_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb
Size/MD5: 17986 7bcda0db9d9a35e0f33cd4c678e7127b
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/gs_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb
Size/MD5: 17978 50a88cbff15db43a130d1aac36ccae0e
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-esp-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb
Size/MD5: 17996 ac5838f0de794084c51cb91067dcb94a
http://security.ubuntu.com/ubuntu/pool/multiverse/g/ghostscript/gs-aladdin_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb
Size/MD5: 17990 2a4b815e3a1ae3020ed5c197e23ccfef
http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-common_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb
Size/MD5: 17992 6b69c66e0197873188effa331e6bd609
http://security.ubuntu.com/ubuntu/pool/universe/g/ghostscript/gs-esp_8.61.dfsg.1~svn8187-0ubuntu3.2_all.deb
Size/MD5: 17984 7e4fcdd09587d654d1bfc9a936b811dd
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1~svn8187-0ubuntu3.2_amd64.deb
Size/MD5: 52624 b3570401d8a6ba5f329941c9638e25fb
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2_amd64.deb
Size/MD5: 744174 f729d0fc6175826b154ae6784783956a
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_amd64.deb
Size/MD5: 26168 2ced73ab1d71a6cd845b6ddc8cbefe21
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1~svn8187-0ubuntu3.2_amd64.deb
Size/MD5: 2274258 d9f7c3547d7c4aadba00bc87a169ec6d
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1~svn8187-0ubuntu3.2_i386.deb
Size/MD5: 50944 d1f38c478568ad6faae8854ba21ad1b6
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2_i386.deb
Size/MD5: 744088 0e408d5f43dfef4b4f34c3f3e482890b
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_i386.deb
Size/MD5: 26166 fc555aca9cf72e07794b5f4285e7d37e
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1~svn8187-0ubuntu3.2_i386.deb
Size/MD5: 2204436 6e2c8b208a144e3118d382be009fa2ee
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1~svn8187-0ubuntu3.2_powerpc.deb
Size/MD5: 55926 2bf8c133c40b6272e00894a6733cb510
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2_powerpc.deb
Size/MD5: 746418 a72d38818d3d8ee9e99dcd48537686a7
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_powerpc.deb
Size/MD5: 26170 6daabc5a355d3ee00db2d61d7fabecaf
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1~svn8187-0ubuntu3.2_powerpc.deb
Size/MD5: 2385980 d73b8d7f809757a7032462d4e84cca86
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript-x_8.61.dfsg.1~svn8187-0ubuntu3.2_sparc.deb
Size/MD5: 49962 ba32df2140be502377d97c61e09226a4
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/ghostscript_8.61.dfsg.1~svn8187-0ubuntu3.2_sparc.deb
Size/MD5: 744174 c17b090ca55a7e8474f83f73a9d4ad42
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs-dev_8.61.dfsg.1~svn8187-0ubuntu3.2_sparc.deb
Size/MD5: 26170 84cdfccd6c4bcb264b936ba4257422a1
http://security.ubuntu.com/ubuntu/pool/main/g/ghostscript/libgs8_8.61.dfsg.1~svn8187-0ubuntu3.2_sparc.deb
Size/MD5: 2185664 86158a2dd15d556b7bffde1bbaba1b09
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists