lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1JV00J-0002TR-G9@artemis.annvix.ca>
Date: Fri, 29 Feb 2008 00:50:03 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:055 ] - Updated ghostscript packages
 fix arbitrary code execution vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:055
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : ghostscript
 Date    : February 29, 2008
 Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Chris Evans found a buffer overflow condition in Ghostscript, which can
 lead to arbitrary code execution as the user running any application
 using it to process a maliciously crafted Postscript file.
 
 The updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0411
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 adc368d980c87e91a980e485fb4e354d  2007.0/i586/ghostscript-8.15-47.1mdv2007.0.i586.rpm
 f46e26b01e4680e08df41f74aeb72f74  2007.0/i586/ghostscript-X-8.15-47.1mdv2007.0.i586.rpm
 868b81c842717472ee1c6b3e968b9299  2007.0/i586/ghostscript-common-8.15-47.1mdv2007.0.i586.rpm
 59e54a2acbba194ef3e322db75fb3eae  2007.0/i586/ghostscript-dvipdf-8.15-47.1mdv2007.0.i586.rpm
 03393c9564dfe104169618f8132e76c7  2007.0/i586/ghostscript-module-X-8.15-47.1mdv2007.0.i586.rpm
 476b2b85012f5671577f691981b70cb6  2007.0/i586/libgs8-8.15-47.1mdv2007.0.i586.rpm
 edaca05744d4e3e06ece218f096d318b  2007.0/i586/libgs8-devel-8.15-47.1mdv2007.0.i586.rpm
 4f3095b54b404cb51a351b8fd36a58c6  2007.0/i586/libijs1-0.35-47.1mdv2007.0.i586.rpm
 4fc99d3d1365a0f64e8828c0389396e2  2007.0/i586/libijs1-devel-0.35-47.1mdv2007.0.i586.rpm 
 e87895f43a658ff693dd890f70cac645  2007.0/SRPMS/ghostscript-8.15-47.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 0258f184c3bec2d9361a8ef20def2603  2007.0/x86_64/ghostscript-8.15-47.1mdv2007.0.x86_64.rpm
 ecd4058e54b39c09ec7c5d4ab7cd8e6b  2007.0/x86_64/ghostscript-X-8.15-47.1mdv2007.0.x86_64.rpm
 cc0f588e9b3abbed1f04296410361ad2  2007.0/x86_64/ghostscript-common-8.15-47.1mdv2007.0.x86_64.rpm
 d3a23bc6a83a50a04336757f856df761  2007.0/x86_64/ghostscript-dvipdf-8.15-47.1mdv2007.0.x86_64.rpm
 916ea2a068afaf69a8dcb182ae409098  2007.0/x86_64/ghostscript-module-X-8.15-47.1mdv2007.0.x86_64.rpm
 ab38b291e058f0fe93b35d647845d696  2007.0/x86_64/lib64gs8-8.15-47.1mdv2007.0.x86_64.rpm
 35c21066635384bc779d7191421dbdec  2007.0/x86_64/lib64gs8-devel-8.15-47.1mdv2007.0.x86_64.rpm
 565329aff7352e288bd013255a8ab2c0  2007.0/x86_64/lib64ijs1-0.35-47.1mdv2007.0.x86_64.rpm
 5e9b515501e6cd3c85bba86e124f709d  2007.0/x86_64/lib64ijs1-devel-0.35-47.1mdv2007.0.x86_64.rpm 
 e87895f43a658ff693dd890f70cac645  2007.0/SRPMS/ghostscript-8.15-47.1mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 8fcddc25006640ddefc391d31b08ce2b  2007.1/i586/ghostscript-8.15-48.1mdv2007.1.i586.rpm
 c7e24d11078548da50369047e1fdecb3  2007.1/i586/ghostscript-X-8.15-48.1mdv2007.1.i586.rpm
 d9445eab4bb7e790448c4c802d941dbe  2007.1/i586/ghostscript-common-8.15-48.1mdv2007.1.i586.rpm
 493426cfe807f8ca889a96ee458bcc3a  2007.1/i586/ghostscript-doc-8.15-48.1mdv2007.1.i586.rpm
 62a0643bb8cd0e0844509493668a4953  2007.1/i586/ghostscript-dvipdf-8.15-48.1mdv2007.1.i586.rpm
 c4464465d644514bfdf0a4bc625f0119  2007.1/i586/ghostscript-module-X-8.15-48.1mdv2007.1.i586.rpm
 eed89d0bc2cc95e9adc672fdd59ebb31  2007.1/i586/libgs8-8.15-48.1mdv2007.1.i586.rpm
 ea8dd403702adc9253a59486281f8e56  2007.1/i586/libgs8-devel-8.15-48.1mdv2007.1.i586.rpm
 b49d72f566ab385207a7c45b3a803d5c  2007.1/i586/libijs1-0.35-48.1mdv2007.1.i586.rpm
 e957af9ea00fa1af8a88bcad71b00da5  2007.1/i586/libijs1-devel-0.35-48.1mdv2007.1.i586.rpm 
 ce698dd8e3d6ffa4dac9c85c6774b705  2007.1/SRPMS/ghostscript-8.15-48.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 041a2281e9eee26da6ebfed6a5afff5d  2007.1/x86_64/ghostscript-8.15-48.1mdv2007.1.x86_64.rpm
 b77a5f0e94637e71c201f309598b6177  2007.1/x86_64/ghostscript-X-8.15-48.1mdv2007.1.x86_64.rpm
 308aebd935159313d40540d16786a541  2007.1/x86_64/ghostscript-common-8.15-48.1mdv2007.1.x86_64.rpm
 4d16151cdfde9be0cb0b58c39252284f  2007.1/x86_64/ghostscript-doc-8.15-48.1mdv2007.1.x86_64.rpm
 396d6d44f50c0fedc9cd835f072b1149  2007.1/x86_64/ghostscript-dvipdf-8.15-48.1mdv2007.1.x86_64.rpm
 37bb1f718fdac868711860cb209388d1  2007.1/x86_64/ghostscript-module-X-8.15-48.1mdv2007.1.x86_64.rpm
 d618f0081f802f928e4575c84525eebb  2007.1/x86_64/lib64gs8-8.15-48.1mdv2007.1.x86_64.rpm
 47347d420281dcc1a1c4fb73fbb9b8dc  2007.1/x86_64/lib64gs8-devel-8.15-48.1mdv2007.1.x86_64.rpm
 57ea6726ce602cbca5bdf2ab1b70b687  2007.1/x86_64/lib64ijs1-0.35-48.1mdv2007.1.x86_64.rpm
 92e04164225636994f9b21c9f97275ed  2007.1/x86_64/lib64ijs1-devel-0.35-48.1mdv2007.1.x86_64.rpm 
 ce698dd8e3d6ffa4dac9c85c6774b705  2007.1/SRPMS/ghostscript-8.15-48.1mdv2007.1.src.rpm

 Mandriva Linux 2008.0:
 49b3afcb2d92004226453776f86d17f8  2008.0/i586/ghostscript-8.60-55.2mdv2008.0.i586.rpm
 e2e0127a7511268838d6a72fd64e30cb  2008.0/i586/ghostscript-X-8.60-55.2mdv2008.0.i586.rpm
 2c721049901d8cf168401845bafba9b4  2008.0/i586/ghostscript-common-8.60-55.2mdv2008.0.i586.rpm
 06ad5f88130df04bbe60e36672cc4a9b  2008.0/i586/ghostscript-doc-8.60-55.2mdv2008.0.i586.rpm
 aa6252821371a033bb0f49af4de19bb7  2008.0/i586/ghostscript-dvipdf-8.60-55.2mdv2008.0.i586.rpm
 a3d50d5c5f66ff75de173834d1983add  2008.0/i586/ghostscript-module-X-8.60-55.2mdv2008.0.i586.rpm
 4c8656b63ec3bbd34b71c7597b8a837b  2008.0/i586/libgs8-8.60-55.2mdv2008.0.i586.rpm
 69c92737c6549de960e1bf00de202249  2008.0/i586/libgs8-devel-8.60-55.2mdv2008.0.i586.rpm
 a190981ad1630c4e12a12b8bc4c12473  2008.0/i586/libijs1-0.35-55.2mdv2008.0.i586.rpm
 7f9fa011cff43f74e31e3d93f95c55ce  2008.0/i586/libijs1-devel-0.35-55.2mdv2008.0.i586.rpm 
 e6b171ef6814b45477e23182d9ddf2a7  2008.0/SRPMS/ghostscript-8.60-55.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 500b80761ac353d23731d984def68d92  2008.0/x86_64/ghostscript-8.60-55.2mdv2008.0.x86_64.rpm
 3bab68bda03832898311b25d6c6b0965  2008.0/x86_64/ghostscript-X-8.60-55.2mdv2008.0.x86_64.rpm
 8d99e0abd15cd8b44fb0e06120d349a1  2008.0/x86_64/ghostscript-common-8.60-55.2mdv2008.0.x86_64.rpm
 99b1af93ba073df5eec2fabd799c8d67  2008.0/x86_64/ghostscript-doc-8.60-55.2mdv2008.0.x86_64.rpm
 a2594bed986560418a6cce0ad6f8cf8f  2008.0/x86_64/ghostscript-dvipdf-8.60-55.2mdv2008.0.x86_64.rpm
 3179463b7984f6bacae246fd25c5e3f5  2008.0/x86_64/ghostscript-module-X-8.60-55.2mdv2008.0.x86_64.rpm
 2fdc402ed4634389ba3f50afaded1513  2008.0/x86_64/lib64gs8-8.60-55.2mdv2008.0.x86_64.rpm
 2886de34c01602470cc83db8c9888969  2008.0/x86_64/lib64gs8-devel-8.60-55.2mdv2008.0.x86_64.rpm
 565a37afc54d44c24f8309c1804883d0  2008.0/x86_64/lib64ijs1-0.35-55.2mdv2008.0.x86_64.rpm
 85b9a2494b2818d781688bbb97eeda28  2008.0/x86_64/lib64ijs1-devel-0.35-55.2mdv2008.0.x86_64.rpm 
 e6b171ef6814b45477e23182d9ddf2a7  2008.0/SRPMS/ghostscript-8.60-55.2mdv2008.0.src.rpm

 Corporate 3.0:
 0740a55ffc51583ece0c3d6a2ec15a4f  corporate/3.0/i586/cups-drivers-1.1-138.5.C30mdk.i586.rpm
 da2dd1210913a6a99575c0f79c38691c  corporate/3.0/i586/foomatic-db-3.0.1-0.20040828.1.5.C30mdk.i586.rpm
 ebb4038eed47554cad5650625e0ae9aa  corporate/3.0/i586/foomatic-db-engine-3.0.1-0.20040828.1.5.C30mdk.i586.rpm
 284b88a6d93768260eabca912516ae57  corporate/3.0/i586/foomatic-filters-3.0.1-0.20040828.1.5.C30mdk.i586.rpm
 55fc4a04e6639dab571812a829dc7a1e  corporate/3.0/i586/ghostscript-7.07-19.5.C30mdk.i586.rpm
 d994fe4547f5715c4acd6eb1dc61193d  corporate/3.0/i586/ghostscript-module-X-7.07-19.5.C30mdk.i586.rpm
 900629317203474f65c061282906212d  corporate/3.0/i586/gimpprint-4.2.7-2.5.C30mdk.i586.rpm
 ee1e4e01f9c21fdf6de1a277fb24ed3f  corporate/3.0/i586/libgimpprint1-4.2.7-2.5.C30mdk.i586.rpm
 d7a1d015ed9891d1561e35e02f81a7a9  corporate/3.0/i586/libgimpprint1-devel-4.2.7-2.5.C30mdk.i586.rpm
 8e7ef9c19423f72e9966fb156a32baca  corporate/3.0/i586/libijs0-0.34-76.5.C30mdk.i586.rpm
 57b58d4e30c79d1d4b7451722cc162da  corporate/3.0/i586/libijs0-devel-0.34-76.5.C30mdk.i586.rpm
 9fab5e7e01363d2255254289b78b3bab  corporate/3.0/i586/printer-filters-1.0-138.5.C30mdk.i586.rpm
 231e989605b33feccfb79ba1fe7d0ec3  corporate/3.0/i586/printer-testpages-1.0-138.5.C30mdk.i586.rpm
 d4893b06e30cffd02a7166a49628ef22  corporate/3.0/i586/printer-utils-1.0-138.5.C30mdk.i586.rpm 
 45c844e2b7ec80a9760e54744d037bf8  corporate/3.0/SRPMS/printer-drivers-1.0-138.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 a12fc68fbca48a9008171cc549a35cbd  corporate/3.0/x86_64/cups-drivers-1.1-138.5.C30mdk.x86_64.rpm
 22cf7cedcb279846c96c706194faa521  corporate/3.0/x86_64/foomatic-db-3.0.1-0.20040828.1.5.C30mdk.x86_64.rpm
 316c8ab01584711de457f9e7456e81e5  corporate/3.0/x86_64/foomatic-db-engine-3.0.1-0.20040828.1.5.C30mdk.x86_64.rpm
 1dd119152e63debdfce4363fea924162  corporate/3.0/x86_64/foomatic-filters-3.0.1-0.20040828.1.5.C30mdk.x86_64.rpm
 51aef80b3a4b53fd50d586f94d06788f  corporate/3.0/x86_64/ghostscript-7.07-19.5.C30mdk.x86_64.rpm
 d8d729244d5c80e2c5b7e57a9246a81c  corporate/3.0/x86_64/ghostscript-module-X-7.07-19.5.C30mdk.x86_64.rpm
 e55c8ebe3c1c3c16c15e09af3ba5bbe3  corporate/3.0/x86_64/gimpprint-4.2.7-2.5.C30mdk.x86_64.rpm
 774e97478f61467e6c49071762d1aa5c  corporate/3.0/x86_64/lib64gimpprint1-4.2.7-2.5.C30mdk.x86_64.rpm
 0ae3a70574550131e04de6dd4d56b993  corporate/3.0/x86_64/lib64gimpprint1-devel-4.2.7-2.5.C30mdk.x86_64.rpm
 ce0029f485507164d9ac22004c799b94  corporate/3.0/x86_64/lib64ijs0-0.34-76.5.C30mdk.x86_64.rpm
 a3dc01753e534d6d2322e857ab1342ab  corporate/3.0/x86_64/lib64ijs0-devel-0.34-76.5.C30mdk.x86_64.rpm
 8850a9977a07ce8d0aae8e7f267dd035  corporate/3.0/x86_64/printer-filters-1.0-138.5.C30mdk.x86_64.rpm
 2b64059d49d4fbeae463a498faacccf9  corporate/3.0/x86_64/printer-testpages-1.0-138.5.C30mdk.x86_64.rpm
 c536d4e2d9288e75bba62c1960aac700  corporate/3.0/x86_64/printer-utils-1.0-138.5.C30mdk.x86_64.rpm 
 45c844e2b7ec80a9760e54744d037bf8  corporate/3.0/SRPMS/printer-drivers-1.0-138.5.C30mdk.src.rpm

 Corporate 4.0:
 128e352634d19ad2a2a58de91dc4ed61  corporate/4.0/i586/ghostscript-8.15-46.1.20060mlcs4.i586.rpm
 9b4de45a1c1bf7f628a2e82520ca8386  corporate/4.0/i586/ghostscript-X-8.15-46.1.20060mlcs4.i586.rpm
 3c690dfaabfb637cbb801a897b891928  corporate/4.0/i586/ghostscript-common-8.15-46.1.20060mlcs4.i586.rpm
 87a1efaed3d6135cedf0f8a0092cd0f7  corporate/4.0/i586/ghostscript-dvipdf-8.15-46.1.20060mlcs4.i586.rpm
 3710458d31e1254782fe3b2c700022f5  corporate/4.0/i586/ghostscript-module-X-8.15-46.1.20060mlcs4.i586.rpm
 cae65be57bfe60ff962f38ec21da10a6  corporate/4.0/i586/libgs8-8.15-46.1.20060mlcs4.i586.rpm
 69cda6990a6bd4fc281bba2310d782a4  corporate/4.0/i586/libgs8-devel-8.15-46.1.20060mlcs4.i586.rpm
 608259ea7eca0233dacf0423cf4412ce  corporate/4.0/i586/libijs1-0.35-46.1.20060mlcs4.i586.rpm
 5c7dc11cbd7bef1304484fdfa73254df  corporate/4.0/i586/libijs1-devel-0.35-46.1.20060mlcs4.i586.rpm 
 17b52eacabca6e84238c4e0400caad6d  corporate/4.0/SRPMS/ghostscript-8.15-46.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 f30959f1ab27734a96a5aff0f89b655b  corporate/4.0/x86_64/ghostscript-8.15-46.1.20060mlcs4.x86_64.rpm
 2b360f654a4239bc9445be1ee988dac8  corporate/4.0/x86_64/ghostscript-X-8.15-46.1.20060mlcs4.x86_64.rpm
 cd43deb0bb76723dc1991b6b38d40e5f  corporate/4.0/x86_64/ghostscript-common-8.15-46.1.20060mlcs4.x86_64.rpm
 2336c92f72f4c023a06b83ad8d00e739  corporate/4.0/x86_64/ghostscript-dvipdf-8.15-46.1.20060mlcs4.x86_64.rpm
 c7749f1faf9dbb1119796dfc3234ff0c  corporate/4.0/x86_64/ghostscript-module-X-8.15-46.1.20060mlcs4.x86_64.rpm
 55a229c2bcd6ce2db4e4eb63cc511420  corporate/4.0/x86_64/lib64gs8-8.15-46.1.20060mlcs4.x86_64.rpm
 1e3a9b7b9524e064b8527b3fdccf9ed0  corporate/4.0/x86_64/lib64gs8-devel-8.15-46.1.20060mlcs4.x86_64.rpm
 6b2abd6151b5d2bb9d55c0a14cca79d2  corporate/4.0/x86_64/lib64ijs1-0.35-46.1.20060mlcs4.x86_64.rpm
 b40fa6a2c4adabecdedd0363fd62c893  corporate/4.0/x86_64/lib64ijs1-devel-0.35-46.1.20060mlcs4.x86_64.rpm 
 17b52eacabca6e84238c4e0400caad6d  corporate/4.0/SRPMS/ghostscript-8.15-46.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHx41LmqjQ0CJFipgRAlhvAKDI73J1CwV3f5hvv3tlUTIkwn4kAwCfZ5ij
gUc1w5OIYN3KI1c8snNYJ5Q=
=+hFr
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ